It's another discussion about this very topic. In it the user ahaw021, explains a couple options for how you could make this work on an internal only address.
You are right. There are two ways of going about this.
A) Create your own internal CA and add it’s intermediate to all the machines in your corporate network (this is quite common for example internal intranets). This is quite common in Windows Server environments. B) CAs like GloablSign will provide an enterprise PKI capability (i.e. the ability to sign it’s own certificates which are then linked up to GlobalSign). C) You can use Boulder as your CA (this is what LetsEncrypt uses) and the certificate from B to get the best of both worlds. I.e. an Internal CA which adheres to ACME protocol. Microsoft CA relies on Microsoft Services for certificates etc.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.