SecureNT Intranet SSL

SSL/TLS Certificates for Internal Networks.

FAQs

Those might have popped-up in your mind.

Do you issue Intranet SSL for internal names with regular TLDs ?
General
keyboard_arrow_down

We issue Intranet SSL to all internal names, whether they use any regular TLD or not.

Some Private Certifying Authorities do not issue Intranet SSL if your internal domain name uses a regularly used Top Level Domain (TLD) name, including ccTLD reserved for countries.

For example, if your internal domain name is name1.com or name2.net, or name3.us then they won’t issue Intranet SSL Certificate to you. They will insist that you buy their regular SSL Certificate issued by a public CA.

No Comments Yet.

What is an Intranet SSL Certificate ?
General
keyboard_arrow_down

An Intranet SSL certificate is a Private/non-Public SSL (TLS) Certificate issued by SecureNT.

Technically, it is similar to the SSL certificates issued by Public CAs (like DigiCert, GlobalSign, Entrust, Sectigo, or Let’s Encrypt) but it is used on internal networks or private sites.

Thus, the Intranet SSL certificate is installed on the servers of an internal private network. After installation, whenever a user (client PC) on a local network connects to this server using a browser, all data flowing between the client PC and the server is encrypted and no one can read it, even with snooping tools.

Thus, confidential data and passwords flowing on the internal network remain secure from unauthorized users and even hackers.

No Comments Yet.

How to install Intranet SSL on XAMPP Server ?
Installation
keyboard_arrow_down

To proceed with the installation, you need to download the certificate zip file and extract its contents onto your device.

Step 1: Set up a Folder for Storing SSL Files

Create a new folder on your XAMPP server to store the SSL files. You will use this folder to store the SSL files for your XAMPP HTTPS setup. Unzip all files here.

Step 2: Locate the Configuration File for Your Localhost Website

There are two methods for finding the configuration file for your website:

  1. Method 1: Click Config in the XAMPP control panel and select Apache (httpd-ssl.conf).

  2. Method 2: Use the file explorer to find the configuration file located in the folder where you installed the XAMPP control panel.

Step 3: Edit the Virtual Host for Port 443

Open the configuration file in a text editor, such as Notepad, and make the necessary changes. Here’s an example of what the virtual host for port 443 should look like after editing:

DocumentRoot “/var/www”
ServerName intranet-common-name (e.g., localhost)
ServerAlias
SSLEngine on
SSLCertificateFile “D:/xampp/yourwebsite/ssl/server.cer”
SSLCertificateKeyFile “D:/xampp/yourwebsite/ssl/serverkey.cer”
SSLCACertificateFile “D:/xampp/yourwebsite/ssl/CA-bundle.cer”

Note: Remember to replace the server name, alias, and certificate paths with the actual values that apply to your setup. And copy the server.cer, serverkey.cer and CA-bundle.cer to the required path viz., D:/xampp/yourwebsite/ssl/

Step 4: Restart the Server

Finally, restart the server by clicking Stop in the XAMPP control panel, then Start. This will ensure that the new SSL certificate is properly applied.

Test your SSL Installation

After you install an SSL Certificate in XAMPP, you should test the certificate installation by visiting your intranet common name on the browser using https protocol.

No Comments Yet.

Is it compulsory to provide CSR to get Intranet SSL ?
Technical
keyboard_arrow_down

Not necessary.

Just fill-up the form and we will generate the CSR (called Auto-CSR). And we will send the SSL Certificate along with the private key.

No Comments Yet.

While requesting Intranet SSL, should I generate CSR or just give certificate details ?
Technical
keyboard_arrow_down

Good question.

It is always recommended to generate CSR on your web server and share with us. This is because the private key generated during the CSR generation remains on your server, within your premises.

On the other hand, if you give certificate details to us, we generate the CSR. It is called Auto-CSR. During this process, private key is generated on our machine. When we ship the Intranet SSL to you, we send the SSL certificate along with the private key. This method is slightly risky because the private key can be intercepted by someone when it is sent through email.

But generation of CSR for Intranet SSL poses some technical challenges. Reason is that modern browsers expect the CSR to have require SAN values correctly specified.

For example, if the Common Name is “abc.local” then the CN=abc.local and SAN value should be DNS=abc.local. But it is not easy to generate CSR with SAN values on Windows or Linux.

Another issue comes when the certificate is to be issued to an IP address. In this case SAN should have two values. They are DNS=[IP-address] and IP=[IP-Address].

If any of these SAN values are not specified while generating the CSR then browser gives 'Certificate not Trusted' error.

Of course, we have shared the steps to generate CSR with SAN values. Link is given below.

  1. How to create the CSR with SAN in Windows IIS
  2. How to create the CSR with SAN Values using OpenSSL

No Comments Yet.

Copyright © 2024 Secure Network Traffic. All rights reserved. SecureNT is a registered trademark of Secure Network Traffic.