-2

My question is: Is it possible to have computers on a network communicate with commercial SSL certificates?

I want to have computer A on my network host a website: A Springboot Webserver application I wrote.

I have computer B on the same network also and I want to access a webpage on computer A via HTTPS (SSL).

I have no problems doing self-signed certificates.

But I want to use an SSL Certificate from a Certificate Authority like Comodo. I've been trying it with Let's Encrypt free SSL Certificates and I haven't been able to get it to work so far.

Thanks

Philip Nguyen
  • Of course it's possible. What is your real question? – user207421 Mar 16 '18 at 18:34
  • Can it be done with a publicly trusted CA? If so, how is it set up? This page I believe says that it can't be done. https://www.quora.com/How-can-I-use-CA-issued-SSL-certificate-for-internally-accessed-LAN-IP-address-web-application – Philip Nguyen Mar 16 '18 at 19:17
  • Sure it can be done for a publicly trusted CA, for **real domain names**. It can't be done for IPs, `localhost`, made-up domains that aren't registered, or things like `.test` / `.internal` / `.dev` etc. TLDs. – ceejayoz Mar 16 '18 at 20:32

1 Answer

2

You can only get a certificate from a publicly trusted CA for domain names which are public. If the names you use match this requirement then you can get certificates for these, otherwise not. Once you have the certificates the setup of the certificates for the internal web servers is no different from the setup on external web servers.

Steffen Ullrich
  • Yep. A wildcard cert for `*.internal.example.com` is a good approach here. – ceejayoz Mar 16 '18 at 20:00
  • @ceejayoz: not really. If you would use a wildcard certificate (and probably the same on all machines and thus also the same private key) it would be enough for somebody to get access to one machine's certificate and key in order to impersonate any other machine in the network. – Steffen Ullrich Mar 16 '18 at 20:10
  • OP's scenario is a browser on A visiting a website hosted on B. Something more complicated is fine in a more complex scenario, but it'll work fine in what OP describes. – ceejayoz Mar 16 '18 at 20:25
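
The trade-off raised in the comments (one shared wildcard certificate versus one certificate per machine) can be measured against a host inventory. The Python sketch below is an added example, not part of the original thread; the host names under `internal.example.com` are constructed, and wildcard matching is simplified to "`*` stands for exactly one left-most label".

```python
# Added example: every host name below is constructed for illustration.

def san_matches(san: str, host: str) -> bool:
    """True if a certificate name (SAN) is valid for `host`.

    Simplified RFC 6125 rule: '*' may only be the whole left-most label
    and covers exactly one label, never zero and never several.
    """
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels):
        return False
    if san_labels[0] == "*":
        return bool(host_labels[0]) and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def exposed_hosts(deployments: dict, leaked_from: str) -> set:
    """Inventory hosts whose identity is exposed if the key on one machine leaks.

    `deployments` maps host name -> SAN list of the certificate (and
    matching private key) installed on that host.
    """
    sans = deployments[leaked_from]
    return {h for h in deployments if any(san_matches(s, h) for s in sans)}


HOSTS = [
    "a.internal.example.com",
    "b.internal.example.com",
    "db.internal.example.com",
]

# Option 1: the same wildcard certificate and key copied to every machine.
SHARED_WILDCARD = {h: ["*.internal.example.com"] for h in HOSTS}

# Option 2: each machine holds a certificate for its own name only.
PER_HOST = {h: [h] for h in HOSTS}

if __name__ == "__main__":
    for label, plan in (("shared wildcard", SHARED_WILDCARD),
                        ("per-host", PER_HOST)):
        hit = exposed_hosts(plan, "a.internal.example.com")
        print(f"{label}: key leak on a.internal.example.com exposes {sorted(hit)}")
```

With the shared wildcard, a key leak on one machine exposes every name in the inventory; with per-host certificates it exposes only that machine's own name.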