HTTPS Certificate for internal use

I'm setting up a webserver for a system that needs to be used only through HTTPS, on an internal network (no access from the outside world).

Right now I have it set up with a self-signed certificate, and it works fine, except for a nasty warning that all browsers fire up, as the CA authority used to sign it is naturally not trusted.

Access is provided by a local DNS domain name resolved on a local DNS server (example: https://myapp.local/), which maps that address to 192.168.x.y

Is there some provider that can issue me a proper certificate for use on an internal domain name (myapp.local)? Or is my only option to use a FQDN on a real domain, and later map it to a local IP address?

Note: I would like an option where it's not needed to mark the server public key as trusted on each browser, as I have no control over workstations.


You have two practical options:

  1. Stand up your own CA. You can do it with OpenSSL and there's a lot of Google info out there.

  2. Keep using your self-signed cert, but add the public key to your trusted certs in the browser. If you're in an Active Directory domain, this can be done automatically with group policy.
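
Option 1 sketched with the OpenSSL command line, as an added example that is not part of the original answer: it creates a root CA, issues a server certificate for myapp.local with the name in subjectAltName, and verifies chain and hostname. The file names, CA subject, curve and validity periods are assumptions chosen for illustration; clients still have to trust the resulting ca.crt.

```shell
# Added example: private CA + server certificate for an internal name.
# File names and the CA subject are constructed for illustration.
make_ca() {  # $1 = working directory
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Internal Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  # Private keys are created owner-readable only.
  (umask 077; openssl ecparam -genkey -name prime256v1 -noout -out "$1/ca.key") &&
  openssl req -x509 -new -key "$1/ca.key" -sha256 -days 3650 \
    -config "$1/ca.cnf" -out "$1/ca.crt"
}

issue_server_cert() {  # $1 = working directory, $2 = internal hostname
  # Browsers match the subjectAltName, not the CN, so the name goes there.
  printf '%s\n' 'basicConstraints = CA:FALSE' \
    'keyUsage = critical,digitalSignature' \
    'extendedKeyUsage = serverAuth' \
    "subjectAltName = DNS:$2" > "$1/server.ext"
  (umask 077; openssl ecparam -genkey -name prime256v1 -noout -out "$1/server.key") &&
  openssl req -new -key "$1/server.key" -subj "/CN=$2" \
    -config "$1/ca.cnf" -out "$1/server.csr" &&
  openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -sha256 -days 397 -extfile "$1/server.ext" \
    -out "$1/server.crt"
}

verify_cert() {  # succeeds only if the chain validates and the name matches
  openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" "$1/server.crt" \
    2>/dev/null | grep -q ': OK$'
}

# Demo run in a throwaway directory.
demo=$(mktemp -d)
make_ca "$demo" && issue_server_cert "$demo" myapp.local &&
  verify_cert "$demo" myapp.local && echo "myapp.local verifies against $demo/ca.crt"
```

Only ca.crt is distributed to clients; ca.key stays offline or on a restricted host, since anyone holding it can issue certificates those clients will accept.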


I did the following, which worked nicely for me:

I got a wildcard SSL cert for *.mydomain.com (Namecheap, for example, provide this cheaply).

I created a CNAME DNS record pointing "mybox.mydomain.com" at "mybox.local".

I hope that helps - unfortunately you'll have the expense of a wildcard cert for your domain name, but you may already have that.