
Comment by blendo

11 years ago

This is EXACTLY what I want for my intranet sites. It lets me protect my users from the Wireshark in the next cubicle.

The solution for this is to run your own CA internally and push out the cert to all the machines. (If you have BYOD stuff it makes it a little harder, but you could still have an internal CA signing only a certain subdomain and get people to install it.)

But that doesn't protect you from a malicious user hijacking this domain in the next cubicle. Perhaps, if your switches are not properly configured, the guy in the next cubicle could do some ARP spoofing and https://intranet.yourdomain would be served by a bogus server collecting passwords.

But your users won't notice the difference, because they are used to seeing the certificate warning in their browser.