0

Good Afternoon,

I wanted to ask this question regarding SSL certificates. Our company manages several servers. For example:

  • location1.domain.com
  • location2.domain.com
  • location3.domain.com

Each of the links goes to a different server with different IP as it pertains to connecting to the system from the outside world. And at each location, there are browsers that connect to each server on the local network to the same network.

For example:

  • 192.168.2.130

The server is an apache2 running ubuntu server 14. In addition, in all the tutorials that I have looked at, one needs to know the IP address of the machine. With many of these locations, the IP address often changes. They have dynamic IPs. What I was wondering is what kind of SSL certificate do I need? I thought about the wildcard certificate but did know if it was an overkill. I also would like for the location users within each location to not see the error message that comes from not having a correctly signed SSL certificate. Thanks in advance.

George

user207421
  • 305,947
  • 44
  • 307
  • 483
George Eivaz
  • 145
  • 2
  • 10

1 Answers1

0

Unless the number of location is constantly changing, you don't need a wildcard certificate. Just get one per location. Certificates should always be assigned to a name, not ip, so how the request is routed doesn't really matter.

If the internal users actually connect via IPs, rather than names, that's something you need to fix, because you have to bind the certificate to a stable name. If you want the internal users to skip the global routing, you can use something like split-horizon dns for it. (basically you serve your local users different dns answers than the ones you publish to the internet)

viraptor
  • 33,322
  • 10
  • 107
  • 191