All Internal Names and Reserved/Internal IP addresses SSL Certificates expired on November 1, 2015.

Important! Certificate Authorities will not issue any SSL Certificates with common names or SAN containing Reserved/Internal IP addresses or Internal Names after November 1, 2015.

The reason for these changes is the impossibility to verify internal names or reserved IP addresses publicly, as CA/B Forum's new rule states that all common names and SAN names shall be verified externally.

What is the CA/B Forum?

The CA/B Forum is a method of collaboration between CAs (Certificate Authorities) and Browsers(web-browser companies such as Mozilla).

What are the Internal Name and the Reserved IP address?

The Internal name is a name that can't be accessible from the Internet, because it is located in a private network.

A reserved IP address is an IP address from the reserved range (RFC 1918 and RFC 4193) for use in a private network, so it cannot be accessed directly trough the Internet.

I use Internal Names. What shall I do?

You should reconfigure your infrastructure to work with external domain names. External availability is by no means obligatory, so you can restrict access to your domain names by using a firewall.

The most simple approach is to buy a Wildcard SSL Certificate, that will protect all subdomains, for a registered external domain name such as, and use subdomains (,, …) for your company's internal needs.

Our recommended Wildcard SSL Certificate is Comodo Essential Wildcard

Can I still use external IP addresses?

Sure. The only SSL certificate that supports external IP addresses is a business SSL certificate - InstantSSL Premium.