|
Obviously certificates are becoming more important as things like Heartbleed and other items have made verifying your communication partner more and more important. I am trying to improve my internal/external security posture without buying 300 certs for $$$$$. I have a *.company.com cert for external operations but our internal domain is a *.company.local. Our CA will not issue wildcard certs on domains I don't "own". They will, however, issue me servername.company.local. This is where the 300 certs thing comes in. I do have a CA in my domain but I have external users who trust my CA (DigiCert) but not my internal CA. Is there a way I can sign my CA with my public cert identifying it to issue certificates within my domain - effectively making a private wildcard? As I think about this it seems unlikely, but I'd like to figure out a way to get globally valid certs on my internal domain. Thoughts? Please help, security goons.
|
# ¿ Nov 30, 2014 06:09 |
|
|
.local certainly is still a thing. It may not be recommended but it still is possible to create one and there are lots of them still floating out there. It may be easier at this point to rename my domain but that also makes me really really really nervous as it will certainly break a lot of stuff. If I could go back in time I would do it differently but I can't so... The biggest issue is that I deploy RemoteApp as part of our line of business that are consumed by people who aren't a part of our AD and do not have local permission to accept our root CA. This causes issues when they ultimately connect to our farm.
|
# ¿ Nov 30, 2014 17:14 |