Guidance on the deprecation of internal server names and reserved IP addresses
The CA/Browser Forum Baseline Requirements for the issuance of publicly-trusted Certificates prohibits the issuance of a Certificate with a subjectAlternativeName (SAN) extension or Subject Common Name field containing a Reserved IP Address or Internal Server Name. This whitepaper explains this change and the reasons behind it, and suggests alternatives for affected subscribers.
In this white paper you'll learn:
- Why the CA/Browser Forum made the change
- The dangers of publicly-trusted certificates for non-unique identifiers
- Recommended alternatives to accommodate the new rule