It’s a good question. If public CA could issue SSL certificates for internal names like local hosts, IP addresses, or server names then we - Private Certifying Authority (CA) - won’t exist.
We issue SSL certificates to local hosts, server names, IP addresses and internal URLs. They are SSL certificates for internal network names. And our CA certificates are not trusted by the browsers and the client Operating Systems like Windows.
Reason for this situation is that CA/browser Forum which governs Public Certifying Authorities (CA) decided in 2015 that public CA can’t issue SSL certificates to Internal Names and internal IP addresses. See this file for details.
Hence Public CAs like Let’s Encrypt, DigiCert, GlobalSign, EnTrust etc. can’t issue SSL certificates for internal networks.
So, who so ever issues SSL for Internal Names or internal IP addresses have to issue them with non-public/Private CA roots only.
When you use such SSL certificates Operating System vendors and browsers don’t trust them because of CA Browser Forum’s policy. So, for browser to trust them customer needs to install Private CA roots on to each client device. This needs to be done once only. Once done you won’t have to do it again. It’s super easy to install using Microsoft Group Policy. See our blog page for details.
Our customers use SecureNT Intranet SSL certificates for internal web application like ERP, Email, HRMS, CRM, Service Desk, Analytics, etc and so on. These are very critical applications for their business. So, due to our certificates important flowing on the internal networks is encrypted. And their data is protected from the hackers and employees with wrong intentions.
No Comments Yet.
Copyright © 2024 Secure Network Traffic. All rights reserved. SecureNT is a registered trademark of Secure Network Traffic.