Use CA-signed Certificates in Offline Networks - UBIK Wiki / Augmensys

Jump to: navigation, search

Revision as of 15:25, 13 November 2025 by NWE (Talk | contribs) (Created page with "To enable secure communication on offline internal networks, you can use officially signed certificates. This requires a verifiable public domain and Split DNS configuration....")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

To enable secure communication on offline internal networks, you can use officially signed certificates. This requires a verifiable public domain and Split DNS configuration.

Instructions

Instructions

Acquire a Public Domain and Minimal Hosting

Register a public domain through a trusted registrar.
Set up minimal hosting (e.g., a simple web page) so the domain is publicly accessible for validation.

Request a Certificate from a CA

Use the hosting environment to complete domain validation with a Certificate Authority (CA).
You can use free services like Let's Encrypt to obtain an SSL/TLS certificate for your domain.

Install the Certificate

Install the acquired certificate on your internal server to enable encrypted communication.

Configure Internal DNS

Set up a local DNS server for your intranet.
Create DNS records for the official domain pointing to your internal server’s IP address.
This ensures intranet clients reach the internal server using the official certificate.

Important Notes

Internal DNS servers must never be exposed to the internet.
Protect the certificate password and private key to prevent man-in-the-middle attacks.
Use certificates with limited lifespans and renew them regularly.
A public DNS record is required for external CA validation.

See also

Configure Microsoft IIS for UBIK

Retrieved from "https://wiki.augmensys.com/index.php?title=HowTo:Use_CA-signed_Certificates_in_Offline_Networks&oldid=29146"