0
votes

I'd like to request a SAN SSL certificate that will handle both publicly accessible and not publicly accessible URLs. Not publicly accessible URLs will be handled by our internal DNS.

The problem is that I'm not sure if it is possible to define subject alternative names that are not publicly accessible in a SAN SSL certificate.

For example:

  • foo.com

  • www.foo.com

  • internal.foo.com

  • www.internal.foo.com

foo and www.foo.com will be publicly accessible while internal.foo.com and www.internal.foo.com will not.

1 Answer

1
votes

If it's internal.foo.com that would be fine, because the verified asset is still foo.com.

If you wanted www.foo.com and foowebserver (the internal-only routable hostname) then you'd run into issues and need to split the certificate into an internal cert and an external cert (or switch to an internal-DNS-subnet of a registered name scheme).
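
The split described in the answer above can be checked before a CSR is submitted. The following is an added example, not part of the original answer: it sorts a proposed SAN list into names that sit under a registered domain and names that need an internal certificate. It assumes `foo.com` is the registered domain the requester controls; the function names are hypothetical.

```python
# Added example: pre-flight check of a SAN list before requesting a certificate.
# Assumption: registered_domains lists the domains you can prove control of.

def normalize(name):
    """Lower-case, drop a trailing dot, and strip a leading wildcard label."""
    host = name.strip().lower().rstrip(".")
    return host[2:] if host.startswith("*.") else host

def is_under(host, domain):
    """True if host is the domain itself or a subdomain of it.
    The leading dot stops 'notfoo.com' from matching 'foo.com'."""
    return host == domain or host.endswith("." + domain)

def classify_san(name, registered_domains):
    """Return 'public-ca' when the name is under a registered domain,
    'internal-ca' for bare hostnames and anything else."""
    host = normalize(name)
    if "." not in host:
        # Single-label name such as 'foowebserver': no registered domain
        # to verify, so it belongs on an internally issued certificate.
        return "internal-ca"
    for domain in registered_domains:
        if is_under(host, normalize(domain)):
            return "public-ca"
    return "internal-ca"

def split_sans(names, registered_domains):
    """Split a SAN list into (public, internal), preserving order."""
    public = [n for n in names
              if classify_san(n, registered_domains) == "public-ca"]
    internal = [n for n in names if n not in public]
    return public, internal

if __name__ == "__main__":
    # Constructed sample: the names from the question plus the bare
    # hostname from the answer.
    sans = ["foo.com", "www.foo.com", "internal.foo.com",
            "www.internal.foo.com", "foowebserver"]
    public, internal = split_sans(sans, ["foo.com"])
    print("public CA certificate:  ", public)
    print("internal CA certificate:", internal)
```

Whether a name resolves in public DNS plays no part in the check; only the registered domain it falls under does.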