HowTo:Use CA-signed Certificates in Offline Networks

1,667 bytes added, 15:25, 13 November 2025
To enable secure communication on offline internal networks, you can use certificates signed by a public Certificate Authority (CA). This requires a public domain that the CA can validate and a split DNS configuration.

<!-- DO NOT REMOVE THIS -->{{Template:HowTo/Begin}}<!-- DO NOT REMOVE THIS -->

= Instructions =
=== Acquire a Public Domain and Minimal Hosting ===
* Register a public domain through a trusted registrar.
* Set up minimal hosting (e.g., a simple web page) so the domain is publicly accessible for validation.

=== Request a Certificate from a CA ===
* Use the hosting environment to complete domain validation with a Certificate Authority (CA).
* You can use free services like [https://letsencrypt.org Let's Encrypt] to obtain an SSL/TLS certificate for your domain.

=== Install the Certificate ===
* Install the acquired certificate on your internal server to enable encrypted communication.

=== Configure Internal DNS ===
* Set up a local DNS server for your intranet.
* Create DNS records for the official domain pointing to your internal server’s IP address.
* This ensures intranet clients reach the internal server using the official certificate.
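
The following check is an added example, not part of the original page or of any product it describes: run from an intranet client, it confirms that the public name resolves to an internal address, that the installed certificate covers that name, and that it is not close to expiry. The hostname <code>intranet.example.com</code>, the 30-day renewal threshold and the sample certificate data are assumptions made for illustration.

```python
import ipaddress
import socket
import ssl
import time

RENEW_BEFORE_DAYS = 30  # assumed renewal threshold, not from the page


def name_matches(pattern, hostname):
    """A wildcard covers exactly one leftmost label (RFC 6125 style)."""
    p, h = pattern.lower().split("."), hostname.lower().rstrip(".").split(".")
    return len(p) == len(h) and p[0] in ("*", h[0]) and p[1:] == h[1:]


def check_deployment(hostname, resolved_ips, cert, now=None):
    """Return a list of problems; cert is the dict from getpeercert()."""
    now = time.time() if now is None else now
    problems = []
    # Split DNS: inside the intranet the public name must map to internal hosts.
    for ip in resolved_ips:
        if not ipaddress.ip_address(ip).is_private:
            problems.append(f"{hostname} resolves to non-private address {ip}")
    # The certificate must cover the name clients actually use.
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(s, hostname) for s in sans):
        problems.append(f"certificate SANs {sans} do not cover {hostname}")
    # Short-lived certificates must be renewed before they lapse.
    days_left = (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400
    if days_left < RENEW_BEFORE_DAYS:
        problems.append(f"certificate expires in {days_left:.0f} days")
    return problems


def probe(hostname, port=443):
    """Live check from an intranet client against the system trust store."""
    ips = sorted({a[4][0] for a in socket.getaddrinfo(hostname, port)})
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            return check_deployment(hostname, ips, tls.getpeercert())


# Constructed sample (not from the page): certificate for intranet.example.com
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "intranet.example.com"),),
    "notAfter": "Feb 11 12:00:00 2026 GMT",
}
```

<code>probe()</code> raises <code>ssl.SSLCertVerificationError</code> when the chain or name does not validate at all, which is itself a sign that the certificate was not installed correctly.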

== Important Notes ==
* Internal DNS servers must never be exposed to the internet.
* Protect the certificate password and private key to prevent man-in-the-middle attacks.
* Use certificates with limited lifespans and renew them regularly.
* A public DNS record is required for external CA validation.

<!-- DO NOT REMOVE THIS -->{{Template:HowTo/End}}<!-- DO NOT REMOVE THIS -->

== See also ==
<!-- DO NOT MODIFY THE NAME OF THIS SECTION, BUT REMOVE IT IF NOT REQUIRED -->
* [[HowTo:Configure_Microsoft_IIS_for_UBIK#Certificate]]