Andy Hibbs

Possible Help for SSL for Local Servers

Discussion created by Andy Hibbs on Jul 24, 2018
Latest reply on Jul 24, 2018 by Andy Hibbs

In case this is helpful to anyone dealing with internal servers and SSL.

 

We've just setup our internal Mac server on FileMaker 17 and, being pretty much completely cloud based, needed to overcome the SSL certificate requirement internally. We didn't want to purchase any more certificates, particularly as we have our own wildcard certificate and didn't want to resort to editing hosts files on each computer device in use, as this has to be a DNS solution.

 

We've been fans of Draytek Vigor routers for years, currently using a 2860Vac, mainly due to its NAT, firewall and in particular its VPN server capabilities; enabling remote user dial in and office to office secure links at an affordable price and without any servers needing to be involved. We have no links to Draytek, it is just a product that has worked for us and our clients over many, many years.

 

Within the Vigor admin menu Application > LAN DNS / DNS Forwarding we found the option of enabling individual profiles for each server that will take a domain name that would normally be routed to the external Internet DNS servers and point it to an internal address. Very easy to setup with 3 entries and a couple of mouse clicks.

 

This is managed by the router's DNS proxy, so it doesn't matter what DNS server is configured on client machines, as long as the router is used as the gateway, the defined FQDN will be resolved to an internal address.

 

So we've a Mac Mini sitting on our LAN, we've imported the same wildcard SSL certificate as we use on all our cloud servers and we've lovely green secure links on any device using our LAN or WiFi connecting to it.

 

I'm sure many other DNS servers do something similar, but thought it worth sharing this practical example.

 

Regards

Andy

Outcomes