MsExchange Blog Spot Telnet25

April 23, 2013

Internal Names will no longer be Trusted within the Certificates after November 1, 2015

Filed under: General — telnet25 @ 2:38 pm

If you are using internal non routable FQDN names such as Server1.smtp25.local, server2.smto25.local, etc.  with in your certificate they are set to be “ not trusted” after November 1 2015.  It means you have to abandon them from your certificate. If you have these none routable internal FQDN;s within your current certificate you may wish to look into how to get them out before November1, 2015.

See more

Subject Alternative Name
DNS Name=email.Smtp25.org
DNS Name=Server1.Smtp25.local ———> Set to be expired
DNS Name=Server2.Smtp25.local———> Set to be expired

image

After November1, 2015 Certificates for Internal Names Will No Longer Be Trusted

In November 2011, the CA/Browser Forum (CA/B) adopted Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates that took effect on July 1, 2012. These requirements state:

“As of the Effective Date of these Requirements, prior to the issuance of a Certificate with a Subject Alternative Name (SAN) extension or Subject Common Name field containing a Reserved IP Address or Internal Server Name, the CA shall notify the Applicant that the use of such Certificates has been deprecated by the CA / Browser Forum and that the practice will be eliminated by October 2016. Also as of the Effective Date, the CA shall not issue a certificate with an Expiry Date later than 1 November 2015 with a SAN or Subject Common Name field containing a Reserved IP Address or Internal Server Name. As from 1 October 2016, CAs shall revoke all unexpired Certificates.”

https://www.cabforum.org/

Respectfully,
Oz Casey, Dedeal ( MVP north America)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
https://telnet25.wordpress.com/ (Blog)

Advertisements

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.

%d bloggers like this: