HTTPS configuration for simultaneous access over LAN and Internet.

Posted on 2012-08-25
Last Modified: 2012-08-30
How to configure SSL/HTTPS for LAN as well as Public IP without showing certificate error?

Web server: Apache 2.2.22
Question by: dev_meddiff
    LVL 6

    Expert Comment

    Great question. If you are using Active Directory and integrated DNS, it's very easy.

    First, make sure you have a signed certificate from a trusted authority with the FQDN.

    In DNS, create a new forward lookup zone with the exact FQDN of your server (internet facing just like your certificate).

    Then create an A record, leave the hostname blank, and enter the internal IP address of the server.

    Now when you access the server, use the FQDN on the LAN or the WAN. Since the certificate will match the web address, no certificate error!

    LVL 33

    Accepted Solution

    *or* be aware that modern certificates can have more than one name in them!

    The system is called "Subject Alternative Name" and is used for (for example) Exchange servers, which often have to support multiple names.

    Another solution is to note that often an internal host will have an "RFC 1918" address (like 10.x or 192.168.x) and use a router to "translate" that to an internet-facing IP address. If that is true, then the same router can *also* translate 443 to (say) 8443; once that is done, you can have one Apache listener (on 8443) with the outside name, and one on 443 with the certificate containing the inside name. As a bonus, you can then have two different logs, with "internet" traffic logged separately from "lan", and even slightly different sites (with additional features, such as phpMyAdmin, exposed only to internal users).
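
Added example (not part of either answer above): a simplified Python model of the name check a browser performs, showing which access names trigger the certificate error for a single-name certificate and for one with Subject Alternative Names. The hostnames, the LAN address and the helper names are constructed for illustration, and the wildcard handling is reduced to the whole-leftmost-label case.

```python
import ipaddress

def _is_ip(host):
    """True when the client connected by IP address rather than by name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, host):
    """Compare one dNSName SAN entry with the host name the client used."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard covers exactly one label, never several
    if p[0] == "*":
        # Wildcard accepted only as the entire leftmost label.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(host, san_dns, san_ips=()):
    """True if a client connecting to `host` sees a matching certificate name."""
    if _is_ip(host):
        # Access by IP address is matched against iPAddress entries only;
        # an IP written into a dNSName entry does not count.
        target = ipaddress.ip_address(host)
        return any(ipaddress.ip_address(ip) == target for ip in san_ips)
    return any(dns_name_matches(p, host) for p in san_dns)

def mismatches(access_names, san_dns, san_ips=()):
    """Names or addresses that would produce a certificate name error."""
    return [n for n in access_names if not cert_covers(n, san_dns, san_ips)]

# Constructed sample data: how users reach the server, and two certificates.
ACCESS = ["www.example.com", "intranet.example.lan", "192.168.1.10"]
PUBLIC_ONLY = ["www.example.com"]                       # one name only
WITH_SAN = ["www.example.com", "intranet.example.lan"]  # both names as SANs

if __name__ == "__main__":
    print("single-name cert fails for:", mismatches(ACCESS, PUBLIC_ONLY))
    print("SAN cert fails for:", mismatches(ACCESS, WITH_SAN))
    # Split DNS from the first answer: everyone uses the one public name.
    print("split DNS fails for:", mismatches(["www.example.com"], PUBLIC_ONLY))
```
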
    LVL 26

    Expert Comment


    1) If your website server and office LAN share the same gateway (router) to the outside world, and it supports a hairpin NAT rule, you could simply add a rule to permit bodies on the LAN to use the external hostname e.g.

    2) Depending on how you handle the http <-> https redirection, obtain a second signed SSL certificate for the internal name, and add a new name-based Virtual Host definition to your Apache httpd.conf, and include the new certificate.
