1

We are working on a router-like device which can have its own access point and be connected to another router. We want to have HTTPS on the management web page using a valid certificate (not a self-signed one) for it, but we have found a big problem.

As a certificate is for a host name (or IP), we can use a certificate for the internal network (we control the DNS server), but if somebody accesses the web from the external network we will have a problem since the hostname and IP address don't match.

Is there any way to solve the problem 1 server: 2 IP addresses with 1 certificate?

3 Answers

0

You can use a SAN certificate which lets you have multiple domains in one certificate. There are multiple providers that offer this, though it tends to be more expensive. That way you can have one domain which you use internally which resolves to the internal IP and one you use externally which resolves to the public IP.

https://en.wikipedia.org/wiki/SubjectAltName

0

You can do this a variety of ways.

  1. List all possible IPs/hostnames referring to the router in the certificate.
  2. List only a hostname in the certificate, and ensure that internal/external DNS will resolve to the proper IP.
1
  • Cool! I didn't know a certificate could apply to multiple hostnames without a wildcard or similar. I'm going to try it and resolve the question. Thanks!!
    – Acampoh
    Commented Oct 7, 2015 at 16:44
0

I suppose your internal network has local IP addresses.

According to the link below, local IPs cannot be used for certificates.

https://support.globalsign.com/customer/portal/articles/1216536-securing-a-public-ip-address---ssl-certificates

If you use 2 real IP addresses, you could try a SAN certificate.

https://en.wikipedia.org/wiki/SubjectAltName
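
The check a TLS client applies to the options in the answers above (one hostname with split DNS, or several names and IPs in the SAN), as an added example that is not part of the original posts. The host names, addresses and function names are constructed placeholders; the SAN tuples follow the shape Python's `ssl.SSLSocket.getpeercert()` returns.

```python
import ipaddress

def _as_ip(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def _dns_matches(pattern, host):
    """Case-insensitive match; '*' allowed only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if "*" not in pattern:
        return p == h
    if p[0] != "*" or any("*" in label for label in p[1:]):
        return False
    return len(p) == len(h) and len(p) >= 3 and p[1:] == h[1:]

def san_covers(san, host):
    """True if `host` (as typed in the URL) is covered by the SAN entries.

    `san` uses the shape of ssl.SSLSocket.getpeercert()["subjectAltName"]:
    a sequence of (type, value) pairs such as ("DNS", ...) or ("IP Address", ...).
    """
    ip = _as_ip(host)
    if ip is not None:
        # An IP in the URL is compared only with IP entries, never DNS ones.
        return any(t == "IP Address" and _as_ip(v) == ip for t, v in san)
    return any(t == "DNS" and _dns_matches(v, host) for t, v in san)

# Constructed sample data (names and addresses are placeholders).
HOSTNAME_ONLY = (("DNS", "router.example.test"),)
NAMES_AND_IP = (
    ("DNS", "router.internal.example.test"),
    ("DNS", "router.example.test"),
    ("IP Address", "203.0.113.10"),
)

def report(san, hosts):
    """Map each host a user might type to whether the certificate covers it."""
    return {h: san_covers(san, h) for h in hosts}

if __name__ == "__main__":
    urls = ["router.example.test", "router.internal.example.test",
            "203.0.113.10", "192.168.1.1"]
    print(report(HOSTNAME_ONLY, urls))
    print(report(NAMES_AND_IP, urls))
```

With the hostname-only certificate, the name validates from either network as long as each DNS view resolves it to the reachable address, while browsing to a bare IP fails validation unless that IP is itself a SAN entry.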
