1

Consider a domain such as service.internal.domain. By setting the internal search domain to .internal.domain, users can access the address simply by typing service into a browser.

However, due to the TLS certificate being issued to service.internal.domain and not service, TLS domain validation will fail. Is there a way around this, i.e. making Chrome or similar browsers consider the fully qualified domain?

I do not have an internal CA authority set up, instead I use Let's Encrypt, so I cannot issue certificates for service.

Carey
  • 133

1 Answer

0

In the end I decided to redirect all simple hostnames to their FQDN equivalent with this server block.

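server {
    listen 80;

    # Redirect any Host that does not end in .internal.domain to HTTPS on the FQDN.
    # The dots are escaped and the pattern is anchored so it only matches a literal suffix.
    if ($host !~ "\.internal\.domain$") {
        return 301 https://$host.internal.domain$request_uri;
    }
}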
Carey
  • 133
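
A stricter variant of the redirect in the answer above, added here as an example and not the answer author's configuration: the client-supplied Host value is copied into the Location header only when it is a single DNS label. The capture name `label`, the HTTPS upgrade for names already under internal.domain, and the catch-all block are assumptions, as is the premise that these are the only port-80 server blocks.

```nginx
# Short, single-label Host values such as "service": redirect to HTTPS on the FQDN.
# The regex accepts one DNS label (letters, digits, inner hyphens, at most 63 chars),
# so a Host value containing dots, ports or other characters never reaches Location.
server {
    listen 80;
    server_name "~^(?<label>[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)$";

    return 301 https://$label.internal.domain$request_uri;
}

# Names already under internal.domain: upgrade to HTTPS without rewriting the host.
# (Assumption: plain HTTP is not meant to be served for these names.)
server {
    listen 80;
    server_name .internal.domain;

    return 301 https://$host$request_uri;
}

# Any other Host value: close the connection without a response
# instead of building a redirect from unvalidated input.
server {
    listen 80 default_server;
    server_name _;

    return 444;
}
```

The first request to the short name still travels over plain HTTP, so the TLS certificate for service.internal.domain is only checked after the redirect. Run `nginx -t` to validate the configuration before reloading.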