Hello Twingate team,
We’re currently utilizing Twingate connectors for our internal applications, and we have a specific requirement related to SSL/TLS.
In the past, we had public-facing A records for our domains, which were used mainly for testing purposes. These domains were secured using SSL certificates. However, to enhance our security posture, we’ve now decided to remove these public DNS records to ensure our endpoints aren’t exposed to the public.
Given this change, we have a few questions:
- SSL for Twingate Alias: With the public DNS records removed, is it possible to still use SSL for the Twingate alias? Specifically, can we prepend https:// to the alias and have it be recognized securely? Is it possible to have the browser recognise the certificate if we are using an alias?
- Certificate Validation: Given that we already have SSL certificates using DNS-01 challenge with Let’s Encrypt for our previous DNS records, can they still be used in conjunction with Twingate aliases, even without the public DNS A records?
- Alternative Methods: If the above isn’t possible, are there any recommended methods or best practices to achieve SSL security for our Twingate aliases without making the domains publicly resolvable?
Our goal is to ensure a secure connection for our internal users via Twingate, without exposing any of our endpoints or domain information to the public internet.
Thank you for your assistance!