Issueing SSL certificates for internal server names (e.g. .local) - Microsoft Exchange Server, DNS, etc.

As per July 2012 SSL certificates for local server names will not longer be issued, accoring to the CA/B Baseline Requirements. This has been decided by the CA/Browser Forum (CA/B) in November 2011.

The official solution is also changing your internal server name to a public domain name and requesting a "regular" SSL certificate for that public name.

You may find further information about the baseline requirements on the official website of the CA/B forum: https://cabforum.org/baseline-requirements/

You may find detailed instructions including "split-brain DNS" here: https://www.codetwo.com/admins-blog/san-certificates-and-split-brain-dns-in-exchange-2013/


Was this answer helpful?

 Print this Article

Also Read

Can you issue SSL certificates for .krd / .gov.krd (Kurdistan - Iraq) domains?

YES, the TLD has been added by GeoTrust / RapidSSL on our request for one of our customers. ;-)

Where can i get a Wildcard EV (Extended Validation) SSL certificate?

Unfortunately EV certificates cannot be Wildcard due to CA/B Forum policies, so the only option...

Multidomain SAN Upgrade: is it possible to purchase additional SAN slots later?

Yes, it is possible to increase the SAN slot count for an existing multi-domain SSL certificate....

How do i create a CSR (Certificate Sign Request) in Microsoft Exchange 2010? How do i install my SSL certificate in Exchange 2010 server?

YouTube: https://www.youtube.com/watch?v=GD0Ro0etUPQ

PositiveSSL Multi-Domain - How to change approval email address per domain (multidomain)

For example, if "admin@" is selected as approver having main domain specified as "domain.com" and...