dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
26
share rss forum feed


drew
Automatic
Premium
join:2002-07-10
Port Orchard, WA
kudos:6
reply to lorennerol

Re: Changes coming for SSL certs- Exchange issue

said by lorennerol:

Has anyone else run into this or even heard of it?

Not until you mentioned this thread and I typed "ssl certificate domain name rules" into Dr. Internet

»exchangeserverpro.com/ssl-requir···tificate

quote:
The CA/Browser Forum, a collaborative effort between Certificate Authorities (companies like DigiCert that issue certificates) and Web Browsers (companies like Mozilla or Microsoft that manage trust on a CA level), has introduced new Baseline Requirements for certificate issuance.

As part of these new requirements, Certificate Authorities must phase out the issuance of certificates issued to either Internal Server Names or a Reserved IP Address by October 2016. Specifically, CAs cannot issue certificates to these internal names with expiration dates after November 1, 2015…

Essentially, this change in SSL standards will make it impossible to obtain a publicly trusted certificate for any host name that cannot be externally verified as owned by the organization that is requesting the certificate.
--
flickr | 'Cause I've been waiting, all my life just waiting
For you to shine, shine your light on me


kontos
xyzzy

join:2001-10-04
West Henrietta, NY

This makes sense once you consider that rules on Top Level Domains have been relaxed. In the future domain.local could get registered to a company/person that is not you. If they were to issue a distant expiration certificate for that domain to Ira Hacker today, he could wreak havoc in a few years if that name comes into use on the public 'Net.