blog.icewolf.ch

Let's talk about IT!
posts - 1259, comments - 293, trackbacks - 0

My Links

Archives

Post Categories

icewolf

New Rules for Public Certificates

Hallo zusammen,

Es gibt einige Änderungen was öffentliche SSL Zertifikate betrifft. Interne IP's und Interne Domains dürfen nicht mehr im Subject Alternative Name (SAN) eines Zertifikats eingetragen werden.

Hier einige Dokumente welche das beschreiben

Eine gute Zusammenfassung was das Bedeutet gibt es auf dem NextHop Blog "How Changes to Public Certification Authority Standards Will Affect You

  • The Subject Name / Common Name field is deprecated and discouraged for use.
  • IP addresses and DNS names not registered with public DNS and IP address authorities are no longer able to acquire public certification authority certificates, affecting external Web server communication over HTTPS, or other communications that require a public certificate.
  • Public certificates issued after November 1, 2015 must follow these rules.
  • Public certificates in use on October 1, 2016 will be forcibly expired, requiring the owner to request a new certificate that complies with the rules.
  • If you need to support an internal domain name or IP address scope that is either not assigned to you or is in the private IP address range for use for private networks, you must use an internal private/enterprise PKI to issue all internal certificates for your user and server purposes.
Grüsse
Andres Bohren

Print | posted on Sunday, April 28, 2013 10:48 AM | Filed Under [ Security ]

Feedback

No comments posted yet.

Post Comment

Title  
Name  
Email
Url
Comment   
Please add 6 and 5 and type the answer here:

Powered by:
Powered By Subtext Powered By ASP.NET