Need Help?

Contact QuoVadis Sales at
+1-441-278-2803 or e-mail

News and Events

Expiry of SSL Using Internal Server Names
18 Aug 2015

Trusted SSL certificates issued to internal names and reserved IP addresses should expire before November 1, 2015.

All publicly-trusted SSL certificates using “non-unique names” such as internal server names or reserved IP addresses should expire by October 31, 2015 according to the SSL Baseline Requirements published by the CA/Browser Forum. It does not matter whether the https services are private or publicly accessible over the Internet. 

  • Internal server names include domains that cannot be registered or resolved in public DNS (for example exch01, example.local, or localhost). 
  • Reserved IP addresses are marked for internal use by the Internet Assigned Numbers Authority (IANA) and cannot be registered for use on public networks. The most common reserved ranges are 10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255, and 192.168.0.0- 192.168.255.255.

The Baseline Requirements deprecate the use of internal names in publicly-trusted SSL because it may create vulnerabilities which allow attackers to perform "man in the middle" attacks and eavesdrop on secure connections.

QuoVadis began the staged deprecation of internal names in SSL in 2012, allowing customers time to implement new practices.

Beginning in November 2015, all internal connections that require a publicly-trusted certificate must use names/IP addresses that are registered and verifiable.