
Utilising TLS within internal search domains

Consider a domain such as service.internal.domain. By setting the internal search domain to .internal.domain, users can access the address simply by typing service into a browser.

However, due to the TLS certificate being issued to service.internal.domain and not service, TLS domain validation will fail. Is there a way around this, i.e. making Chrome or similar browsers consider the fully qualified domain?

I do not have an internal CA authority set up; instead I use Let's Encrypt, so I cannot issue certificates for service.


In the end I decided to redirect all simple hostnames to their FQDN equivalent with this server block:

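server {
    listen 80;

    # Hosts that do not already end in .internal.domain are sent to the HTTPS FQDN.
    # Dots are escaped and the pattern is anchored so it matches only the real suffix.
    if ($host !~ "\.internal\.domain$") {
        return 301 https://$host.internal.domain$request_uri;
    }
}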
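The name check that makes the bare hostname fail, and the redirect decision, modelled in Python as an added example (not code from the original post). The SAN list and all function names are constructed; unlike the posted `if` block, this sketch redirects only single-label hosts.

```python
import re

SEARCH_DOMAIN = "internal.domain"        # search domain from the question
CERT_SANS = ["service.internal.domain"]  # constructed: dNSName entries on the certificate

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def san_matches(reference: str, san: str) -> bool:
    """RFC 6125-style dNSName match; '*' may only stand for the whole left-most label."""
    ref = reference.lower().rstrip(".").split(".")
    pat = san.lower().rstrip(".").split(".")
    if len(ref) != len(pat):
        return False
    if pat[0] == "*":
        return bool(ref[0]) and ref[1:] == pat[1:]
    return ref == pat


def cert_valid_for(typed_host: str, sans=CERT_SANS) -> bool:
    """The browser validates the name in the URL bar, not the resolver-expanded name."""
    return any(san_matches(typed_host, s) for s in sans)


def redirect_target(host_header: str, uri: str = "/"):
    """Return the HTTPS FQDN URL for a single-label Host header, else None."""
    host = host_header.lower().split(":")[0].rstrip(".")
    if not LABEL.fullmatch(host):  # already qualified, or not a plain label
        return None
    return f"https://{host}.{SEARCH_DOMAIN}{uri}"


if __name__ == "__main__":
    for name in ("service", "service.internal.domain"):
        print(name, "cert ok:", cert_valid_for(name), "redirect:", redirect_target(name))
```

The redirect only helps for plain-HTTP requests on port 80; a request typed as https://service still fails certificate validation before any redirect can be sent.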

This article is reproduced from Stack Exchange / Stack Overflow.