Issue SSL certificates to Internal Names with Expiration Dates after November 1, 2015

Certificate Authorities cannot issue SSL certificates to Internal Names with Expiration Dates after November 1, 2015

If you own an SSL Certificate for an internal server, you may want to look at other ways to secure your internal network: starting July 2012, Certificate Authorities cannot issue SSL certificates to internal names that expire after November 1, 2015. This means that if you purchase an SSL Certificate for your internal server, it has to be one that expires before November 2015. Purchasers will not be allowed to buy multi-year contracts that exceed two years, because the expiration date would fall after the date specified in the new provision, which is November 1, 2015.

In compliance with the recently issued requirements of the CA/Browser Forum Baseline Standards, DigiCert and other CAs cannot issue certificates with expiration dates after November 1, 2015 to either Internal Server Names or Reserved IP Addresses. So after November 1, 2015, you will no longer be able to protect your internal network with these certificates.

Reason Behind the New Provision

The CA/Browser Forum Baseline Standards have ended the issuance of SSL Certificates for internal networks because the organizations using these certificates are impossible to verify. Because internal server names cannot be verified, it becomes hard for authorities to keep track of the activities of such networks.

Reconfiguration of Server Names – From Private to Public Names

The new provision makes it necessary for internal server owners to use public names on their internal network servers. This way, the certificate authorities are able to verify the organizations that use them. Some companies use domain names that are not their own, simply because the server name is used on a private network. This creates a big problem when someone else registers the domain name as a public one. This is the reason why private server names are no longer accepted when purchasing SSL Certificates for private networks.

  • Changing Server Names

DigiCert makes it possible for internal network administrators to keep using SSL Certificates on their internal network servers by teaching clients how to change their server name from private to public. This is done by reconfiguring the Exchange server to use an external DNS name. Clients can then still use SSL Certificates on their internal servers, because the new server names are verifiable by the certificate authorities.

By having a server name that is verifiable as yours, you are eligible to use an SSL Certificate for your internal server.

  • Purchasing Internal SSL Certificates

You can also purchase an SSL Certificate that can be used on internal servers, but be sure that you buy one that expires on or before the cut-off date – November 1, 2015. This is the easiest way to keep using SSL Certificates on your internal server, but it won’t be effective for very long because of the cut-off date set in the new provision. So it is best that you sort things out on your server names before November 2015.
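
To find out which of your certificates are affected, the rule above can be run over a certificate inventory. The Python sketch below is an added example, not code from this article or from any CA; the suffix list, the single-label heuristic for internal names and the sample inventory are assumptions made for illustration.

```python
import ipaddress
from datetime import date

CUTOFF = date(2015, 11, 1)  # cut-off date stated in the article
# Assumption: suffixes treated as non-public in this sketch (not an official list).
INTERNAL_SUFFIXES = ("local", "internal", "lan", "corp", "home", "test", "localhost")


def classify_name(name):
    """Return 'reserved-ip', 'internal-name' or 'public' for one certificate name."""
    try:
        ip = ipaddress.ip_address(name)
    except ValueError:
        labels = name.rstrip(".").lower().split(".")
        if labels[0] == "*":  # wildcard: judge the base domain
            labels = labels[1:]
        # Single-label host names and non-public suffixes cannot be verified.
        if len(labels) < 2 or labels[-1] in INTERNAL_SUFFIXES:
            return "internal-name"
        return "public"
    return "public" if ip.is_global else "reserved-ip"


def audit(inventory):
    """Return (cert id, offending names) for certificates a CA could no longer issue."""
    findings = []
    for cert in inventory:
        bad = [n for n in cert["names"] if classify_name(n) != "public"]
        # Only certificates expiring after the cut-off are blocked.
        if bad and cert["not_after"] > CUTOFF:
            findings.append((cert["id"], bad))
    return findings


# Constructed sample inventory (names and dates are made up for illustration).
SAMPLE = [
    {"id": "mail", "names": ["mail.example.com", "EXCH01", "exch01.corp.local"],
     "not_after": date(2016, 3, 1)},
    {"id": "intranet", "names": ["intranet", "10.0.0.5"], "not_after": date(2015, 10, 31)},
    {"id": "www", "names": ["www.example.com", "*.example.com"], "not_after": date(2017, 1, 1)},
    {"id": "vpn", "names": ["vpn.example.com", "192.168.1.1"], "not_after": date(2015, 11, 2)},
]

if __name__ == "__main__":
    for cert_id, names in audit(SAMPLE):
        print(f"{cert_id}: replace {', '.join(names)} with a verifiable public name")
```

The "intranet" entry is not reported because it expires before the cut-off, even though every name on it is internal.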
