HTTPS Certificate for internal use

Question

I\'m setting up a webserver for a system that needs to be used only through HTTPS, on an internal network (no access from outside world)

Answer 1

i think the answer is NO.

out-of-the-box, browsers won't trust certificates unless it's ultimately been verified by someone pre-programmed into the browser, e.g. verisign, register.com.

you can only get a verified certificate for a globally unique domain.

so i'd suggest instead of myapp.local you use myapp.local.yourcompany.com, for which you should be able to get a certificate, provided you own yourcompany.com. it'll cost you thought, several hundred per year.

also be warned wildcard certificates might only go down to one level -- so you could use it for a.yourcompany.com and local.yourcompany.com but maybe not b.a.yourcompany.com or myapp.local.yourcompany.com, unless you pay more.

(does anyone know, does it depend on the type of wildcard certificate? are sub-sub-domains trusted by the major browsers?)