Port Orchard, WA
reply to lorennerol
Re: Changes coming for SSL certs- Exchange issue
said by lorennerol:
Has anyone else run into this or even heard of it?
Not until you mentioned this thread and I typed "ssl certificate domain name rules" into Dr. Internet.
The CA/Browser Forum, a collaborative effort between Certificate Authorities (companies like DigiCert that issue certificates) and Web Browsers (companies like Mozilla or Microsoft that manage trust on a CA level), has introduced new Baseline Requirements for certificate issuance.
As part of these new requirements, Certificate Authorities must phase out the issuance of certificates issued to either Internal Server Names or a Reserved IP Address by October 2016. Specifically, CAs cannot issue certificates to these internal names with expiration dates after November 1, 2015.
Essentially, this change in SSL standards will make it impossible to obtain a publicly trusted certificate for any host name that cannot be externally verified as owned by the organization that is requesting the certificate.
West Henrietta, NY
This makes sense once you consider that rules on Top Level Domains have been relaxed. In the future, domain.local could get registered to a company/person that is not you. If they were to issue a distant expiration certificate for that domain to Ira Hacker today, he could wreak havoc in a few years if that name comes into use on the public 'Net.
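
An added example, not part of any post in this thread: a small audit helper that takes the names on a certificate (such as an Exchange certificate's subject alternative names) and flags the ones that are internal server names or reserved IP addresses, which a public CA can no longer certify. The `PUBLIC_TLDS` set, the function names and the sample name list are assumptions made for illustration; a real audit would load the current IANA root zone TLD list.

```python
import ipaddress

# Assumption: a tiny stand-in for the IANA list of delegated TLDs.
# Load the full, current list for a real audit.
PUBLIC_TLDS = {"com", "net", "org", "edu", "gov", "us", "uk"}


def classify_name(name):
    """Return 'reserved-ip', 'internal-name' or 'public' for one certificate name."""
    candidate = name.strip().rstrip(".").lower()
    if candidate.startswith("*."):
        candidate = candidate[2:]  # a wildcard is judged by its base domain

    try:
        ip = ipaddress.ip_address(candidate)
    except ValueError:
        ip = None
    if ip is not None:
        # is_global is False for private, loopback, link-local and other
        # reserved ranges, none of which can be verified as owned.
        return "public" if ip.is_global else "reserved-ip"

    labels = candidate.split(".")
    # Single-label host names (EXCH01) and names under a suffix that is not
    # a delegated TLD (.local) cannot be verified externally.
    if len(labels) < 2 or labels[-1] not in PUBLIC_TLDS:
        return "internal-name"
    return "public"


def audit_certificate(names):
    """Map each name a public CA can no longer certify to the reason."""
    findings = {}
    for name in names:
        kind = classify_name(name)
        if kind != "public":
            findings[name] = kind
    return findings


# Constructed sample: names typical of an internal mail server certificate.
SAMPLE_SANS = [
    "mail.example.com", "autodiscover.example.com",
    "EXCH01", "exch01.corp.local", "192.168.1.10", "10.0.0.5",
]

if __name__ == "__main__":
    for name, reason in audit_certificate(SAMPLE_SANS).items():
        print(f"{name}: {reason}")
```

Names reported here need to move to a publicly registered domain or to a certificate from a private, internally trusted CA before the existing certificate expires.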