I'm trying to figure out a way to use a service like ZeroSSL to create a valid SSL certificate for a domain that I don't have authority over. The goal is to have a local server (for example, Nginx) redirect traffic from "www.google.com" to our internal search engine via a 301 redirect. This is necessary for devices that frequently switch between internal and external networks, requiring a trusted SSL certificate for a smooth transition. While I could set up my own Certificate Authority (CA) to create self-signed certificates for a few hosts, that seems a bit excessive for just three domains. I'm hoping someone might have a more practical solution!
2 Answers
The best route would be to set up your own CA and install the root certificate on your devices. I get that it might seem like overkill, but it avoids a lot of headaches with certificate warnings. Just make sure you really weigh whether this is necessary—it sounds more like a training issue to me.
Honestly, I suggest you just train your users instead of messing with certificates. If you're really concerned, block www.google.com at your firewall. It's simpler and avoids complications.
Yeah, I see your point! It's mainly to reduce fallback issues, so I think I will go ahead and implement a local CA for more flexibility with some other endpoints too.