Issueing SSL certificates for internal server names (e.g. .local) - Microsoft Exchange Server, DNS, etc.

As per July 2012 SSL certificates for local server names will not longer be issued, accoring to the CA/B Baseline Requirements. This has been decided by the CA/Browser Forum (CA/B) in November 2011.

The official solution is also changing your internal server name to a public domain name and requesting a "regular" SSL certificate for that public name.

You may find further information about the baseline requirements on the official website of the CA/B forum: https://cabforum.org/baseline-requirements/

You may find detailed instructions including "split-brain DNS" here: https://www.codetwo.com/admins-blog/san-certificates-and-split-brain-dns-in-exchange-2013/

Was this answer helpful?

 Print this Article

Also Read

Requesting SSL certificates and SSL installation for all-inkl.com customers

All-inkl.com enables customers to install InterSSL certificates. You can find a tutorial here...

Tomcat GlassFish SSL CSR creation & installation example

cd /opt/glassfish4/glassfish/domains/domain1/config keytool -list -v -alias s1as -keystore...

How to securely submit sensitive documents (forms, personal ID, company registration docs) to COMODO? (OV and EV certificates, CPAC Pro, CPAC Enterprise)

In case you are requested to submit sensitive documents (forms, personal id, company documents)...

How long does it take until HTTP based authentication is verified?

Typically HTTP-based authentication will be done within a couple of minutes. If you think the...

PositiveSSL Multi-Domain - How to change approval email address per domain (multidomain)

For example, if "admin@" is selected as approver having main domain specified as "domain.com" and...