Phasing out Intranet Names and IP Addresses in SSLs
The Internet security community is phasing out the use of intranet names and IP addresses as Primary Domain Names or the Subject Alternative Names (SANs) in SSL certificates.
This is an industry-wide decision, not one specific to our company.
To create a safer online environment, members of the Certificate Authorities Browser Forum met to define implementation guidelines for SSL certificates. As a result, effective October 1, 2016, Certification Authorities (CAs) must revoke SSL certificates that use intranet names or IP addresses.
Therefore, as of July 1, 2012, we no longer accept new requests, rekeys or renewals for SSL certificates that contain intranet names or IP addresses and are valid beyond Nov. 1, 2015.
An intranet name is the name of a private network, such as server1, mail or server2.local, that public Domain Name Servers (DNS) cannot access. An IP address is a string of numbers, such as 126.96.36.1990, that define's a computer's location.
If you have an existing certificate that contains an intranet name and/or an IP address, you can continue to use that certificate until it expires or until October 1, 2016, whichever comes first.
In other words, instead of securing IP addresses, you must secure Fully Qualified Domain Names (FQDNs), such as www.coolexample.com. To secure your intranet names, you must seek alternative solutions. For example, you can create your own Certificate Signing Request (CSR) and use it to sign your SSL certificate, or you can create your own internal CA.
To read the CA/Browser Forum guidelines, click here.
Your message was successfully sent.
There was an error in sending your message, please try again.
Have a question about the content of this article?