Use CA-signed Certificates in Offline Networks

Acquire a Public Domain and Minimal Hosting

• Register a public domain through a trusted registrar.
• Set up minimal hosting (e.g., a simple web page) so the domain is publicly accessible for validation.

Request a Certificate from a CA

• Use the hosting environment to complete domain validation with a Certificate Authority (CA).
• You can use free services like Let's Encrypt to obtain an SSL/TLS certificate for your domain.

Install the Certificate

• Install the acquired certificate on your internal server to enable encrypted communication.

Configure Internal DNS

• Set up a local DNS server for your intranet.
• Create DNS records for the official domain pointing to your internal server’s IP address.
• This ensures intranet clients reach the internal server using the official certificate.

• Internal DNS servers must never be exposed to the internet.
• Protect the certificate password and private key to prevent man-in-the-middle attacks.
• Use certificates with limited lifespans and renew them regularly.
• A public DNS record is required for external CA validation.