Important! Certificate Authorities will not issue any SSL Certificates with common names or SAN containing Reserved/Internal IP addresses or Internal Names after November 1, 2015.
The reason for these changes is the impossibility to verify internal names or reserved IP addresses publicly, as CA/B Forum's new rule states that all common names and SAN names shall be verified externally.
What is the CA/B Forum?
The CA/B Forum is a method of collaboration between CAs (Certificate Authorities) and Browsers(web-browser companies such as Mozilla).
What are the Internal Name and the Reserved IP address?
The Internal name is a name that can't be accessible from the Internet, because it is located in a private network.
A reserved IP address is an IP address from the reserved range (RFC 1918 and RFC 4193) for use in a private network, so it cannot be accessed directly trough the Internet.
I use Internal Names. What shall I do?
You should reconfigure your infrastructure to work with external domain names. External availability is by no means obligatory, so you can restrict access to your domain names by using a firewall.
The most simple approach is to buy a Wildcard SSL Certificate, that will protect all subdomains, for a registered external domain name such as yourorganization.com, and use subdomains (sub.yourorganization.com, sub1.yourorganization.com, …) for your company's internal needs.
Our recommended Wildcard SSL Certificate is Comodo Essential Wildcard.
Can I still use external IP addresses?
Sure. The only SSL certificate that supports external IP addresses is a business SSL certificate - InstantSSL Premium.
