We have a client that is implementing LFDS and will be using SSO with Forms and the Web Client.
We had a conversation with them about Certificates, internal CA vs 3rd Party vs self-signed. The question came up that since their AD domain is something to the effect of domain.local, could they just add internal DNS entries so that company.org resolves internally, could they not just get a wild card cert for company.org and have that work with LFDS?
The reason I ask is because we had a recent support case open and were told that the certificate had to have the FQDN of the LFDS server, but I cannot find any requirements for the LFDS cert.