MsExchange Blog Spot Telnet25

April 23, 2013

Internal Names will no longer be Trusted within the Certificates after November 1, 2015

Filed under: General — telnet25 @ 2:38 pm

If you are using internal non routable FQDN names such as Server1.smtp25.local, server2.smto25.local, etc.  with in your certificate they are set to be “ not trusted” after November 1 2015.  It means you have to abandon them from your certificate. If you have these none routable internal FQDN;s within your current certificate you may wish to look into how to get them out before November1, 2015.

See more

Subject Alternative Name
DNS Name=Server1.Smtp25.local ———> Set to be expired
DNS Name=Server2.Smtp25.local———> Set to be expired


After November1, 2015 Certificates for Internal Names Will No Longer Be Trusted

In November 2011, the CA/Browser Forum (CA/B) adopted Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates that took effect on July 1, 2012. These requirements state:

“As of the Effective Date of these Requirements, prior to the issuance of a Certificate with a Subject Alternative Name (SAN) extension or Subject Common Name field containing a Reserved IP Address or Internal Server Name, the CA shall notify the Applicant that the use of such Certificates has been deprecated by the CA / Browser Forum and that the practice will be eliminated by October 2016. Also as of the Effective Date, the CA shall not issue a certificate with an Expiry Date later than 1 November 2015 with a SAN or Subject Common Name field containing a Reserved IP Address or Internal Server Name. As from 1 October 2016, CAs shall revoke all unexpired Certificates.”

Oz Casey, Dedeal ( MVP north America)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server + (Blog) (Blog)


Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a free website or blog at

%d bloggers like this: