All Internal Names and Reserved/Internal IP addresses SSL Certificates expired on November 1, 2015.
Important! Certificate Authorities will not issue any SSL Certificates with common names or SAN containing Reserved/Internal IP addresses or Internal Names after November 1, 2015.
The reason for these changes is the impossibility to verify internal names or reserved IP addresses publicly, as CA/B Forum's new rule states that all common names and SAN names shall be verified externally.
What is the CA/B Forum?
The CA/B Forum is a method of collaboration between CAs (Certificate Authorities) and Browsers(web-browser companies such as Mozilla).
What are the Internal Name and the Reserved IP address?
The Internal name is a name that can't be accessible from the Internet, because it is located in a private network.
A reserved IP address is an IP address from the reserved range (RFC 1918 and RFC 4193) for use in a private network, so it cannot be accessed directly trough the Internet.
I use Internal Names. What shall I do?
You should reconfigure your infrastructure to work with external domain names. External availability is by no means obligatory, so you can restrict access to your domain names by using a firewall.
The most simple approach is to buy a Wildcard SSL Certificate, that will protect all subdomains, for a registered external domain name such as yourorganization.com, and use subdomains (sub.yourorganization.com, sub1.yourorganization.com, …) for your company's internal needs.
Our recommended Wildcard SSL Certificate is Comodo Essential Wildcard.
Can I still use external IP addresses?
Sure. The only SSL certificate that supports external IP addresses is a business SSL certificate - InstantSSL Premium.
-
November, 08
Buffer overflow in OpenSSL exploited when validating X.509 certificates
-
September, 09
A company’s brand represents trust and a promise to do right by its customers. It allows consumers to quickly make purchases without questioning whether they can trust the receiver.
-
August, 27
This is to announce that CyberSSL will only be able to issue public SSL / TLS certificates with a lifespan of 398 days (a bit over 1 year). The change takes place starting with 1 September 2020.
-
September, 23
We all love free public WiFi when we are travelling, ordering food in a restaurant, waiting for a job interview, doing internet banking, relaxing at a beach café or in a hotel lobby – it is so convenient! – but, so do criminals.