[openssl-users] Non-self-signed SSL certificates for private hosted DNS zones

Traiano Welcome traiano at gmail.com
Tue Mar 7 07:21:54 UTC 2017

Hi List

I have a private DNS zone hosted on AWS route 53, only resolvable from
within some specific VPCs.
It appears some applications require an SSL certificate associated with the
private DNS zone, and this SSL certificate should come from a trusted,
external certificate provider (cannot be self-signed).

My questions are:

a) Is this a known use-case? i.e private dns zones requiring
non-self-signed certificates?
b) Since the DNS zone is not resolvable on the public internet, how would
the certificate validation process occur for applications communicating
with systems in the private zone ?
c) Do SSL certificate providers issue trusted SSL certificates  for private
DNS zones?

Many thanks in advance for any advice here!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170307/abae1975/attachment.html>

More information about the openssl-users mailing list