Alpha Video Training
Results 1 to 7 of 7

Thread: How to do a SSL certificate for both intranet and internet access?

  1. #1
    VAR
    Real Name
    Mike Reed
    Join Date
    Apr 2000
    Location
    Phoenix, AZ
    Posts
    649

    Default How to do a SSL certificate for both intranet and internet access?

    How does one obtain a SSL certificate that will work for both an intranet and internet?

    I am helping a person set up a new alpha web server that will initially be used on their local server. The users on the intranet will access via their browser using something like: 10.10.10.10/alphaindex.a5w. Internet users will use something like: secure.domainname.com. I don't know know to set up the SSL request for that. Anyone have any ideas?

    The only thing I can think of is to do 2 certificates and run a double instance for the App server, one for the intranet and one for the internet.

    Thanks,
    Mike Reed
    Phoenix, AZ

  2. #2
    "Certified" Alphaholic mikeallenbrown's Avatar
    Real Name
    Mike Brown
    Join Date
    Nov 2009
    Location
    United States
    Posts
    1,749

    Default Re: How to do a SSL certificate for both intranet and internet access?

    If you're putting the app on the web why the need for a internal connection? Just have everyone go to the web address.
    Mike Brown - Contact Me
    Programmatic Technologies, LLC
    Programmatic-Technologies.com
    Independent Developer & Consultant

  3. #3
    VAR
    Real Name
    Mike Reed
    Join Date
    Apr 2000
    Location
    Phoenix, AZ
    Posts
    649

    Default Re: How to do a SSL certificate for both intranet and internet access?

    Quote Originally Posted by mikeallenbrown View Post
    If you're putting the app on the web why the need for a internal connection? Just have everyone go to the web address.

    It it is an in house server. Their internet provider won’t allow a web address that comes back to the origin. In this case typing in secure.domainname.com ends up coming to the IP address that the request came from.

    Mike
    Last edited by Mike Reed; 06-02-2019 at 07:50 PM.
    Mike Reed
    Phoenix, AZ

  4. #4
    Alpha Software Employee Lenny Forziati's Avatar
    Real Name
    Lenny Forziati
    Join Date
    Nov 2001
    Location
    Alpha Software
    Posts
    4,680

    Default Re: How to do a SSL certificate for both intranet and internet access?

    While you can get an SSL certificate for multiple FQDNs, and you can get an SSL certificate for an IP address, you cannot get one for a private IP address from a commercial certificate issuer. This leaves you with three options:

    1 - Hairpinning
    Configure the network's firewall to support "hairpinning". This will make the internal request for the external IP address get routed properly. How/if this is done is dependent on the exact network hardware. Normally I would suggest starting by contacting the ISP's support, but you've already hit a dead-end there. If you have admin access to the firewall, you can potentially set it up without their help. If you don't, you could potentially add an additional firewall or NAT device between your network and the ISP's equipment.

    2 - DNS
    Set up internal-only DNS so that the domain name resolves to the private IP when looked up by the intranet clients. Internal users can then use the external hostname just like anyone else and with a standard SSL certificate using the single hostname. This requires running a DNS server internally that thinks it is authoritative for your domain name, and then all clients need to send all DNS lookups to your internal DNS server.

    3 - Self-signed certificate
    While a Certificate Authority will not issue a certificate for a private IP address, you could still create a self-signed certificate that uses the internal IP address. A self-signed certificate will not be recognized by clients however, unless you add the certificate that is used to sign the SSL certificate to every client's store of trusted root certificates.

    Lenny Forziati
    Vice President, Internet Products and Technical Services
    Alpha Software Corporation

  5. #5
    VAR
    Real Name
    Mike Reed
    Join Date
    Apr 2000
    Location
    Phoenix, AZ
    Posts
    649

    Default Re: How to do a SSL certificate for both intranet and internet access?

    Lenny,

    Thank you so much for your help!

    I really appreciate it.

    Mike
    Mike Reed
    Phoenix, AZ

  6. #6
    Member
    Real Name
    Jonathan Freestone
    Join Date
    Apr 2017
    Location
    West Sussex UK
    Posts
    69

    Default Re: How to do a SSL certificate for both intranet and internet access?

    Avoid the hairpinning, it works, heck I use it, but the DNS option is better.

  7. #7
    "Certified" Alphaholic kkfin's Avatar
    Real Name
    Kenneth
    Join Date
    Dec 2006
    Location
    EU
    Posts
    1,520

    Default Re: How to do a SSL certificate for both intranet and internet access?

    Quote Originally Posted by Mike Reed View Post
    How does one obtain a SSL certificate that will work for both an intranet and internet?

    I am helping a person set up a new alpha web server that will initially be used on their local server. The users on the intranet will access via their browser using something like: 10.10.10.10/alphaindex.a5w. Internet users will use something like: secure.domainname.com. I don't know know to set up the SSL request for that. Anyone have any ideas?

    The only thing I can think of is to do 2 certificates and run a double instance for the App server, one for the intranet and one for the internet.

    Thanks,
    Using front end web server with reverse proxy support and running all in same physical server as AA WAS you can configure system for example like this: secure.domainname.com a CAs SSL and then for internal IP or external IP a self signed SSL (host is IP address). Then AA WAS do not need any SSL certificate and same AA WAS instance can serve both internal and external users because front end web server has reverse proxy available.

Similar Threads

  1. Intranet vs Internet
    By dchiass in forum Application Server Version 10 - Web/Browser Applications
    Replies: 3
    Last Post: 07-20-2016, 05:03 PM
  2. Configuring WAS for Intranet Access Only
    By cpgood in forum Application Server Version 11 - Web/Browser Applications
    Replies: 3
    Last Post: 09-09-2015, 03:07 PM
  3. Intranet LAN, Internet, Security -Just How good is A5 WAS ??
    By forskare in forum Application Server Version 11 - Web/Browser Applications
    Replies: 4
    Last Post: 12-04-2012, 09:33 AM
  4. Access to my web application via intranet
    By dtelles in forum Application Server Version 10 - Web/Browser Applications
    Replies: 4
    Last Post: 10-18-2010, 11:20 AM
  5. Internet Access
    By Nancy Eisenberg in forum Alpha Five Version 4
    Replies: 10
    Last Post: 03-12-2001, 05:03 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •