Tuesday, April 23, 2013

Internal Names will no longer be Trusted within the Certificates after November 1, 2015

If you are using internal non routable FQDN names such as Server1.smtp25.local, server2.smto25.local, etc.  with in your certificate they are set to be “ not trusted” after November 1 2015.  It means you have to abandon them from your certificate. If you have these none routable internal FQDN;s within your current certificate you may wish to look into how to get them out before November1, 2015.

See more

Subject Alternative Name
DNS Name=email.Smtp25.org
DNS Name=Server1.Smtp25.local ---------> Set to be expired
DNS Name=Server2.Smtp25.local---------> Set to be expired



After November1, 2015 Certificates for Internal Names Will No Longer Be Trusted

In November 2011, the CA/Browser Forum (CA/B) adopted Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates that took effect on July 1, 2012. These requirements state:

“As of the Effective Date of these Requirements, prior to the issuance of a Certificate with a Subject Alternative Name (SAN) extension or Subject Common Name field containing a Reserved IP Address or Internal Server Name, the CA shall notify the Applicant that the use of such Certificates has been deprecated by the CA / Browser Forum and that the practice will be eliminated by October 2016. Also as of the Effective Date, the CA shall not issue a certificate with an Expiry Date later than 1 November 2015 with a SAN or Subject Common Name field containing a Reserved IP Address or Internal Server Name. As from 1 October 2016, CAs shall revoke all unexpired Certificates.”


Oz Casey, Dedeal ( MVP north America)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

1 comment:

Gmail Archiving said...

Great ideas and information..