Public CA do not allow internal names and reserved IP address any more

With November 2015 public CAs do not issue new certificates that uses internal names or reserved IP addresses in subjectAltName or in commonName. Furthermore such certificates will be revoked on October 1st, 2016.

Internal names are hostnames that do not end with an Top Level Domain ending (.com, .de, …). For example: .local, .internal. Also NetBIOS names without any domain extension are affected.

Reserved IP addresses are defined by Internet Assigned Numbers Authority (IANA). You can look reservations for IPv4 here  (RFC 1918 range) and IPv6 here (RFC 4193 range).

If you are using an internal CA you are not affected. For more information about this change of public CAs click here. For more information about VMware products click here.

Advertisements
Public CA do not allow internal names and reserved IP address any more