LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   certificate for intranet server (https://www.linuxquestions.org/questions/linux-security-4/certificate-for-intranet-server-4175491021/)

Al_ 01-12-2014 06:29 AM
certificate for intranet server
 
Hi
Does anyone know whether (and how) it is possible to obtain from CAcert.org a signed SSL certificate for an intranet server? For a 'normal' server, that can be reached from the internet, CAcert.org ensures ownership of the server by sending an e-mail; but for an intranet server, that cannot be reached (using the LAN name) by CAcert.org ???

wstewart90 01-12-2014 06:51 AM
We use geotrust at work and they require a FQDN for an ssl cert AFAIK. They run a whois check and send the email to the administrative contact in the whois results. Take a look at the article I posted below as well. It looks like by 2016 You won't be able to get an ssl cert from a trusted CA without a FQDN. If you don't have a domain name then you're best bet is to self sign your own certificate. You could always just register a domain name for internal use only. The server itself doesn't need a valid internet connection. The client just needs to be able to contact the CA to verify the validity of the cert.

http://www.entrust.com/ssl-certifica...out-non-fqdns/

Al_ 01-13-2014 01:02 PM
Thanks. That is what I feared. No way to register something like *.mycompany.intra (which is the format used at my workplace).

myatthu 01-18-2014 08:47 AM
It is a bit tough for now on with public CA. Start from Nov 2015, there is no way you can buy .local certificate from public CA.
Even already issued will be revoked.
Ref: http://www.digicert.com/internal-names.htm?SSAID=314743


All times are GMT -5. The time now is 12:57 PM.