ssl - HTTPS Certificate for internal use

Question

I'm setting up a webserver for a system that needs to be used only through HTTPS, on an internal network (no access from outside world)

Right now I got it setup with a self-signed certificate, and it works fine, except for a nasty warning that all browsers fire up, as the CA authority used to sign it is naturally not trusted.

Access is provided by a local DNS domain name resolved on local DNS server (example: https://myapp.local/), that maps that address to 192.168.x.y

Is there some provider that can issue me a proper certificate for use on an internal domain name (myapp.local)? Or is my only option to use a FQDN on a real domain, and later map it to a local IP address?

Note: I would like an option where it's not needed to mark the server public key as trusted on each browser, as I have not control over workstations.

Answer 1

You have two practical options:

1. Stand up your own CA. You can do it with OpenSSL and there's a lot of Google info out there.

2. Keep using your self-signed cert, but add the public key to your trusted certs in the browser. If you're in an Active Directory domain, this can be done automatically with group policy.