What is an Intranet SSL Certificate?
An Intranet SSL certificate is a Private/non-Public SSL (TLS) Certificate issued by SecureNT as a Private Certifying Authority (CA). Technically, it is same as the SSL certificates issued by Public Certifying Authorities (CAs) like DigiCert, GlobalSign, Entrust, Sectigo, or Let’s Encrypt, but it is used on internal networks or private sites.
Thus, the Intranet SSL certificate is installed on the servers of an internal private network. After installation, whenever a user (client PC) on a local network connects to this server using a browser, all data flowing between the client PC and the server is encrypted with HTTPS and no one can read it, even with snooping tools. Thus, confidential data and passwords flowing on the internal network remain secure from unauthorized users and even hackers.
Why use an Intranet SSL on Internal Network Servers?
Intranet SSL allows encryption of data-in-motion including session encryption on the internal networks. In short, it encrypts the sensitive data in transit. You may ask – how this happens? On your internal networks, you use various web applications like ERP, HRMS, CRM, Service Desk, Data Analytics, Payroll etc. When a user accesses data stored on the server using the browser, the data will be encrypted, if Intranet SSL is installed. So, a hacker or even an unhappy employee cannot read this sensitive data.
Is it same as regular SSL certificates, which are used on websites?
Technically Intranet SSL is absolutely same as regular SSL Certificate. There is no difference. Even, installation steps are same.
But there is a small difference, which you should know. When you install regular SSL on the webserver one is not required to install the CA root certificate on the server or the client PC. This is because they are already installed by the Operating System, as trusted CA root certificates.
SecureNT Intranet SSL certificate’s CA root certificate chain is not trusted by default. So, when a user accesses an internal website with Intranet SSL using browsers like Chrome, or Edge, or other browsers you will get a “certificate not trusted” error. To overcome this issue, few steps need to be taken on the server and client PCs once only. After those steps are taken, the client PC will always trust the Intranet SSL certificate.
CA/Browser Forum (CA/B), the regulatory body that governs the SSL industry, does not allow Public CAs to issue SSL Certificates to Internal Names. SSL for Private Internal Networks is covered under IETF RFC 1918.
So, internal/private Servers have to use SSL Certificates from Private CAs or Self-Signed Certificates. Of course, some of these Public CAs do issue Intranet/non-Public SSL Certificates using non-Public Root Certificates. SecureNT Intranet SSL does the same but offers it quickly and at a much more attractive price.
But, what to do if the Client browser gives an error while accessing Servers with Intranet SSL?
Windows PCs and Macs having SecureNT Intranet SSL CA root certificate chain added to their operating system’s certificate store will automatically trust the server and users will not know the difference.
For this, two Intranet Root Certificates need to be installed once, on each Windows client PC. On a Mac, customers will need to open Keychain Manager and explicitly trust each of the two root certificates. To automate the installation of root certificates on multiple machines es, one can use Microsoft’s Group Policy for PCs; and Parallel’s Device Management for Macs. Click here to find the installation details.
Firefox does not use the operating system’s certificate store for storing the root certificates. So, the root certificate chain is added differently. Read this article for details.
Types of Intranet SSL Certificates offered by SecureNT
Single Domain
SecureNT Intranet SSL Certificate – Single Domain secures an Intranet Server’s Local Host Name, Server Name, internal/public IP Address, or Web page URL using Secure HTTPS protocol.
Certificates are valid for a period ranging from 1 to 10 years. One can install the certificate on unlimited servers. We offer a 30-day Free Single Domain Certificate.
Multi-Domain
SecureNT Intranet SSL Certificate – Multi-Domain (1 + 4 SAN) secures an Intranet Server’s Local Host Name, Server Name, internal/public IP Address, or Web page URL plus 4 SAN values using Secure HTTPS protocol. In case you wish to secure more than 1+4 SAN, then you will have to purchase additional SANs in multiples of 5 SAN values. There is no limit to SAN values.
What is a Multi-Domain (also known as SAN) Certificate?
A Multi-Domain (or Subject Alternative Name-SAN) certificate can support multiple domains, server names, and IP Addresses within a domain. They reduce SSL cost and maintenance by using a single certificate for multiple websites using SAN. These certificates are more flexible than Wildcard certificates since they are not limited to a single domain.
Note: Only non-Wildcard names can be added as SAN.
Certificates are valid for a period ranging from 1 to 10 years. One can install the certificate on unlimited servers. We offer a 7-day Free Multi-Domain Certificate.
Wildcard Certificate
SecureNT Intranet SSL Certificate – Wildcard secures an Intranet Server’s Server Name or Web page URL and all sub-domains using Secure HTTPS protocol.
What is a Wildcard Certificate?
A Wildcard certificate is a single certificate with a wildcard character (* – star) in the domain name field. This allows the certificate to secure multiple subdomain names of the same base domain.
For example, a wildcard certificate for *.(domainname).com, could be used for www.(domainname).com, mail.(domainname).com, blog.(domainname).com, etc. Also, a special case of (domainname).com is also secured.
Certificates are valid for a period ranging from 1 to 10 years. One can install the certificate on unlimited servers. We offer a 7-day Free Wildcard Certificate.