1

I'm developing an internal web application for use inside our internal Windows domain. I have 3 servers: apps.mycompany.com (primary), api.mycompany.com, and files.mycompany.com. Right now, everything works fine over HTTP. But I need to have these accessible over SSL/https to Windows desktop clients on the network (Chrome/Firefox/Edge) and iOS (Safari/Chrome).

I've set up self-signed certs using OpenSSL, and have configured nginx to where they respond correctly, and serve data. But, I'm constantly running into "not secure" / "invalid certificate" errors and "mixed content" (http/s) warnings that stymie my development.

I need a solution where everyone can simply hit https://apps.mycompany.com... and everything "just works", without user intervention (allowing insecure connections, manually adding certificates, etc.)

Advice?

Sean O
  • 277
  • 4
  • 5
  • 16
  • 1
    'internal Windows domain' Push out a custom CA using group policy or use AD certificate services to have the domain signed cert. The issue you're facing is getting the custom CA into the chain of trust on each users browser – Timothy c Sep 23 '20 at 19:58
  • @Timothyc Thanks. Any links to procedures on accomplishing this? – Sean O Sep 23 '20 at 21:01
  • Here's a great link on setting up a root CA for generating SSL certs: https://deliciousbrains.com/ssl-certificate-authority-for-local-https-development/ – Sean O Sep 29 '20 at 13:28
  • Sorry I'm not a Windows Admin. In my day to day work I've transitioned to using Lets Encrypt SSL certs. For internal host I'm using DNS challenges (RFC2136) with publicly available DNS (txt records) for those certs. – Timothy c Sep 29 '20 at 14:47

0 Answers0