Website Security Solutions | Latest Guides | Blog

The CA/B Browser forum has announced that all the SSL certificates granted for Internal Server names will be revoked before October 26th 2015. As a result, IP addresses or intranet names can no longer be used as the primary domain names or Subject Alternative Names (SANs). Therefore, it is going to be virtually impossible for you to procure SSL certificates for host names if you can’t verify it externally. An internal name is categorized as the domain or IP address that belongs to a private network.

What prompted the change?

The internet security community or the Certificate Authorities Browser Forum has been working on implementing guidelines and revamping existing security protocols to make SSL certificates more impeccable. The decision to phase out SSL certificates issued for internal server names is the result of such combined efforts.

One of the main reasons that prompted this move from the Certificate Authorities is the commonness of the internal server names and the ease with which they can be forged. Non-unique internal server names are highly vulnerable to man in the middle attacks, which in turn can result in the loss of valuable data even with an SSL certificate. Literally transformed, when dealing with a common internal server name, has no idea whether he/she is communicating with a legitimate source or not.

What can you do?

If you are a webmaster of internal server names, you can either get an SSL certificate issued by an internal CA or get the server reconfigured to a public or fully qualified domain name. You also have an alternative of using an external name in such a manner that it can serve as the sub-domain to your main domain. Note that all the internal server names that needs o be tagged with a trusted SSL certificate should be done via verifiable public names.


Author: Paul Baka
Published:
Last Modified: 06/07/2019
Tags: #Industry News