Comments
You can use a wildcard LE certificate with DNS challenge and use it with your domain, whatever the IP addresses are.
I use Letsencrypt with a wildcard
So for basically any certificate, LE with DNS challenge should be your go-to; it’s great and works really well and is what I use for both external and internal services.
0ssl
As others said, letsencrypt (or similar) is free. Must be renewed every 70-90 days though.
Since it's internal, you could just create a self-signed cert and let the browsers complain with warnings. Or, create your own CA, install the CA on the clients and generate server certs to expire whenever you want.
Certbot can auto renew the certificate after 90 days.
+1 for Let’s Encrypt and DNS challenge.
Depending on your DNS provider, this can be automated using an API.
LE with DNS validation can give you as many certs as you want for internal usage.
The problem is with DNS, we have an internal DNS network.
and our domain is not registered, it is www.com
ERROR: https://prnt.sc/pGwqxFHTYJ1K
You need intranet SSL. Those aren't cheap, so you better use self-signed ones.
Self-signed with 69 years expiry
But browsers in the intranet are not showing the secure icon for self-signed
It even shows a "website is not secure" warning
Create a certificate from your own created root CA and make sure your clients (e.g. browser) have the root CA installed as trusted.
Web server Caddy generates its own CA and uses it to sign certificates: (Usually apply Let's Encrypt or ZeroSSL)
https://caddyserver.com/docs/automatic-https#local-https
A publicly trusted CA is not allowed to sign such an internal domain, so installing a private CA certificate on your clients is the only option for that domain. Or change the intranet domain into a public name and use a split-horizon DNS server.
It is my network at job.
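The private-CA route suggested in several comments above, as an added example that is not part of any poster's reply: it creates a root CA, signs a server certificate carrying a subjectAltName, and checks it the way a client with the CA installed would. The file names, CA subject, validity periods and host names are constructed for illustration.

```shell
#!/bin/sh
# Constructed example: private root CA plus one server certificate.
# ca.crt is what gets installed on clients; ca.key must stay off the web server.

make_ca() {        # $1 = working directory
  cat > "$1/pki.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
EOF
  ( umask 077      # private keys are created readable by the owner only
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
      -config "$1/pki.cnf" -extensions v3_ca \
      -subj "/CN=Example Internal Root CA" \
      -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null )
}

issue_cert() {     # $1 = working directory, $2 = DNS name of the internal site
  # Browsers match the name against subjectAltName, not the CN.
  printf '%s\n' 'basicConstraints=critical,CA:FALSE' \
    'keyUsage=critical,digitalSignature,keyEncipherment' \
    'extendedKeyUsage=serverAuth' "subjectAltName=DNS:$2" > "$1/server.ext"
  ( umask 077
    openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" \
      -subj "/CN=$2" -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null )
  openssl x509 -req -in "$1/server.csr" -sha256 -days 365 \
    -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAserial "$1/ca.srl" -CAcreateserial \
    -extfile "$1/server.ext" -out "$1/server.crt" 2>/dev/null
}

client_accepts() { # $1 = working directory, $2 = name the client connects to
  # Succeeds only if the chain ends at our CA and the name is in the SAN.
  openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" \
    "$1/server.crt" >/dev/null 2>&1
}
```

Only `ca.crt` is distributed to client trust stores; the web server needs `server.crt` and `server.key`, never `ca.key`.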
But we have about 700 PC's in the network.
How to make a certificate as trusted for all PCs?
But there is no .int domain available?
I would like to find some intranet SSL for about 10-20$
Everything that I found is about 500$ - intranet SSL for a custom domain.
REGARDS
I hope you have some form of endpoint management running with 700 machines. You'd push out your internal CA via that.
Or just migrate your intranet to a domain that you can generate valid certificates for.
The best solution has been mentioned quite a few times. Get a domain at a provider that allows DNS challenges (API or modules for webservers or tools that will do it for you, like traefik or certbot). You'll get a wildcard cert like *.intranet.example.com and use it for whatever service you need.
We use acme.sh + DNS challenge plugin.