Intranet SSL Certificate

If you are using web applications on the internal networks you may have seen ‘Connection not Secure’ error from the browser. Most users choose to ignore the error thinking that it’s Ok because everyone on the internal network also should not be trusted But, threats from outside (hackers) and inside (employees) needs to be take seriously because most important data is always on the internal networks. Zero Trust Network is a must have strategy for all.

This problem can be solved by installing SSL Certificate for internal networks. Technically they are same as the SSL certificates available from the certificate authorities like DigiCert, GlobalSign, EnTrust, Sectigo and Let’s Encrypt. But, they are not allowed to issue SSL certificates for the internal networks by the CA/Browser Forum.

We have a solution.
SecureNT Intranet SSL certificates are made for the internal networks for the web applications. When it installed on the internal network servers, the communication between local user(Client PC) and the server is encrypted and it cannot be read, even with snooping tools. As a result, confidential data and passwords passing across the internal network become safe from the unauthorised users and even from hackers..

Technical Information

»Certificates are issued by default with RSA Encryption, 2048-bit Key Size, and Sha256 Hash Algorithm
»The CA Certificate chain from Secure Network Traffic is two level, similar to CA certificates from the public Certifying Authorities
»You can secure and encrypt data on web applications like ERP, Payroll, HRMS, CRM, Service desk and Analytics
»You can even encrypt SQL server and LDAP login credentials using Intranet SSL Certificates
»You need not use Self-signed Certificates because their private key is usually stored on a PFX file with no or weak password

Types of Intranet SSL Certificates offered by SecureNT

1. Single Domain

SecureNT Intranet SSL Certificate – Single Domain secures an Intranet Server’s Local Host Name, Server Name, internal/public IP Address, or Web page URL using Secure HTTPS protocol.

Certificates are valid for a period ranging from 1 to 10 years. One can install the certificate on unlimited servers. We offer a 30-day Free Single Domain Certificate.

2. Multi-Domain

SecureNT Intranet SSL Certificate – Multi-Domain (1 + 4 SAN) secures an Intranet Server’s Local Host Name, Server Name, internal/public IP Address, or Web page URL plus 4 SAN values using Secure HTTPS protocol. In case you wish to secure more than 1+4 SAN, then you will have to purchase additional SANs in multiples of 5 SAN values. There is no limit to SAN values.

What is a Multi-Domain (also known as SAN) Certificate?

A Multi-Domain (or Subject Alternative Name-SAN) certificate can support multiple domains, server names, and IP Addresses within a domain. They reduce SSL cost and maintenance by using a single certificate for multiple websites using SAN. These certificates are more flexible than Wildcard certificates since they are not limited to a single domain.

Note: Only non-Wildcard names can be added as SAN.

Certificates are valid for a period ranging from 1 to 10 years. One can install the certificate on unlimited servers. We offer a 7-day Free Multi-Domain Certificate.

3. Wildcard Certificate

SecureNT Intranet SSL Certificate – Wildcard secures an Intranet Server’s Server Name or Web page URL and all sub-domains using Secure HTTPS protocol.

What is a Wildcard Certificate?

A Wildcard certificate is a single certificate with a wildcard character (* – star) in the domain name field. This allows the certificate to secure multiple subdomain names of the same base domain.

For example, a wildcard certificate for *.(domainname).com, could be used for www.(domainname).com, mail.(domainname).com, blog.(domainname).com, etc. Also, a special case of (domainname).com is also secured.

Certificates are valid for a period ranging from 1 to 10 years. One can install the certificate on unlimited servers. We offer a 7-day Free Wildcard Certificate.

SSL Certificates for Internal Servers

But there is a hitch. CA/Browser Forum, which regulates SSL certificates, does not allow public Certifying
Authorities (CA) like DigiCert, GlobalSign, Let’s Encrypt, etc. to issue SSL Certificates to private IP
addresses, Server Names, and intranet website URLs. CA/B has put severe restrictions on issuing SSL
certificates to Public IP addresses.

SSL for Extranet Applications on a Public IP Address

I have often noticed that several large corporates use Public IP addresses for hosting extranet applications.
These are mainly accessed by trusted partners only. For example, their suppliers, distributors, service
providers use such applications for sharing quotations, purchase orders, invoices, payment details, etc.
Public CA can issue an SSL certificate for such an IP address if and only if the Public IP address is owned
by the company. Most corporates get public IPs from their Internet Service Providers (ISPs) for a yearly
fee. They don’t own them. So, getting a regular SSL certificate for these applications is not possible.

Self-Signed Certificates

To overcome this hurdle, some corporates use Self-Signed SSL Certificates as a solution. Software
developers and system administrators use them because they can be issued in minutes. While it’s an easy
and tempting solution, one should remember that this approach has several downsides. Some of them are—
the users routinely ignore SSL Certificate errors, Self-Signed Certificates with private keys are stored as
PFX files on the file system, and no one handles the management of the self-signed certificates. When a
Self-Signed certificate expires system administrators wonder who created the certificate and why. Also,
system administrators don’t know if it is needed now. Many a time, these PFX files are without a password
(or passwords like 123@abc), rendering them most ineffective. This is because with a private key, it is
easy to pry into the encrypted network traffic.

SecureNT Intranet SSL Certificates

To bridge this gap, Secure Network Traffic (SecureNT) has come up with SSL/TLS Certificates for the
Intranet, i.e., internal/private networks. These are issued to the servers with internal & public IP addresses,
webpage URLs, server names, and localhosts. The certificates are issued to a single or multi-domain or
even a wildcard URL.
These intranet SSL Certificates encrypt the data flowing on the internal network. They offer the same
protection that a public-facing website with a regular SSL Certificate gets. They use the same RSA
Encryption, 2048 bit Key Size, and Sha256 Hash Algorithm. Intranet Certificates are issued for up to 10
years, unlike 1 year SSL Certificates issued to Internet websites.