Frequently Asked Questions

We offer a 30% discount on all standard SecureNT Intranet SSL Certificates to educational institutions and non-profit organizations.

If you are eligible let us know your requirement. We will be pleased to send you our quote.

We issue Intranet SSL to all internal names, whether they use any regular TLD or not.

Some Private Certifying Authorities do not issue Intranet SSL if your internal domain name uses a regularly used Top Level Domain (TLD) name, including ccTLD reserved for countries.

For example, if your internal domain name is name1.com or name2.net, or name3.us then they won’t issue Intranet SSL Certificate to you. They will insist that you buy their regular SSL Certificate issued by a public CA.

We accept payment in multiple ways:

1. Wire Transfer (Swift) to our bank account in India
2. PayPal (we send you the payment link)
3. Stripe (we send you the payment link)

When the order is confirmed we share our Bank/PayPal/Stripe details. Upon receipt of payment and certificate details, we ship the certificate usually on the next business day.

Since the SecureNT Intranet SSL Certificate is issued to an IP Address or Internal Name (localhost, URL, or Server name) located on the internal network of an organization there is no need to validate the Common Name (CN) or Organization name (O) or Subject Alternative Name (SAN) values.

We verify the correctness of the organization’s name from the organization’s public website.

Domain Validation (DV), Organization Validation (OV), and Extended Validation (EV) are required to be done as per the directive of the CA/Browser Forum for SSL certificates issued by the public Certifying Authority (CA).

SecureNT is a private CA.

Internal names include hosts and domains that cannot be registered or resolved in public DNS e.g., server01 or server.local, localhost, etc.

Internal IP addresses cannot be registered for use on public networks. They include IPv4 or IPv6 addresses the Internet Assigned Numbers Authority (IANA) marks as reserved. The most common reserved ranges are 10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255, and 192.168.0.0- 192.168.255.255. More information is available here.

We have 3 types of Certificates. a. Single Domain: SecureNT Intranet SSL Certificate – Single Domain secures an Intranet Server’s Local Host Name, Server Name, internal/public IP Address, or Web page URL using Secure HTTPS protocol. b. Multi-Domain or SAN Certificate: SecureNT Intranet SSL Certificate – Multi-Domain (1 + 4 SAN) secures an Intranet Server’s Local Host Name, Server Name, internal/public IP Address, or Web page URL plus 4 SAN values using Secure HTTPS protocol. In case you wish to secure more than 1+4 SAN, then you will have to purchase additional SANs in multiples of 5 SAN values. There is no limit to SAN values. c. Wildcard Certificate: SecureNT Intranet SSL Certificate – Wildcard secures an Intranet Server’s Server Name or Web page URL and all sub-domains using Secure HTTPS protocol.

A Multi-Domain (or Subject Alternative Name-SAN) certificate can support multiple domains, server names, and IP Addresses with a single domain.

They reduce SSL cost and maintenance by using a single certificate for multiple websites using SAN.

These certificates are more flexible than Wildcard certificates since they are not limited to a single domain.

Note: Only non-Wildcard names can be added as SAN.

Certificates are valid for a period ranging from 1 to 10 years. One can install the certificate on unlimited servers. We offer a 30-day Free Multi-Domain Certificate.

SecureNT Intranet SSL Certificate – Single Domain secures an Intranet Server’s Local Host Name, Server Name, internal/public IP Address, or Web page URL using Secure HTTPS protocol.

Certificates are valid for a period ranging from 1 to 10 years. One can install the certificate on unlimited servers. We offer a 90-day Free Single Domain Certificate.

A Wildcard certificate is a single certificate with a wildcard character (* – star) in the domain name field.

This allows the certificate to secure multiple subdomain names of the same base domain.

For example, a wildcard certificate for *.(domainname).com, could be used for www.(domainname).com, mail.(domainname).com, blog.(domainname).com, etc. Also, a special case of (domainname).com is also secured.

Certificates are valid for a period ranging from 1 to 10 years. One can install the certificate on unlimited servers. We offer a 30-day Free Wildcard Certificate.

An Intranet SSL certificate is a Private/non-Public SSL (TLS) Certificate issued by SecureNT. Technically, it is similar to the SSL certificates issued by Public CAs (like DigiCert, GlobalSign, Entrust, Sectigo, or Let’s Encrypt) but it is used on internal networks or private sites. Thus, the Intranet SSL certificate is installed on the servers of an internal private network. After installation, whenever a user (client PC) on a local network connects to this server using a browser, all data flowing between the client PC and the server is encrypted and no one can read it, even with snooping tools. Thus, confidential data and passwords flowing on the internal network remain secure from unauthorized users and even hackers.

TLD is the acronym used for top-level domain. It’s the last segment of a domain name after the final dot.

A great example of a TDL is: .com

The IANA officially recognizes three types of TLDs:

• gTLD – Generic Top-Level Domains
• ccTLD – Country Code Top-Level Domains
• sTLD – Sponsored Top-Level Domains

Your TLD plays an important role in the Domain Name System (DNS). For more information click here.

You may be surprised to know how competitively priced we are. Tell us your requirement and we will revert soon with a quote by Email.

We strongly believe in customer satisfaction. Our sales, SSL certificate issuance, and support policies are designed to meet customer needs.

We are looking forward to receiving your suggestions for improvements.

CA/Browser Forum (CA/B), the regulatory body that governs the SSL industry, does not allow Public CAs to issue Public SSL Certificates to Private Internal Networks covered under IETF RFC 1918. So, internal/private Servers have to use SSL Certificates from non-public CAs or Self-Signed Certificates. Of course, some of these Public CAs do issue Intranet/non-Public SSL Certificates using non-Public Root Certificates. SecureNT Intranet SSL does the same but offers it quickly and at a much more attractive price.

Intranet SSL certificate’s root certificate chain is not trusted by default on popular browsers like Chrome, Edge, Internet Explorer, Safari, Firefox, etc. This means that unless certain steps are taken, a client PC will get a “certificate not trusted” error when a user uses a web browser to access a website hosted on a Server with Intranet SSL. But these steps need to be taken once only. After those steps are taken, the client PC will always trust the Intranet SSL certificate.

 Certificates are issued by default with RSA Encryption, 2048 bit Key Size, and Sha256 Hash Algorithm  The Root Certificate chain is from Secure Network Traffic  Custom Root Certificate chain on your organization name is available on request  Client Authentication Certificates for Single Sign-on and Document Management / Signing available on request.  RSA Certificates with different Key Size and Hash Algorithm available on request  ECDSA Certificates with 256 and 384-bit Key Size also available on request

We issue Intranet SSL to all internal names, whether they use any regular TLD or not.

Some Private Certifying Authorities do not issue Intranet SSL if your internal domain name uses a regularly used Top Level Domain (TLD) name, including ccTLD reserved for countries.

For example, if your internal domain name is name1.com or name2.net, or name3.us then they won’t issue Intranet SSL Certificate to you. They will insist that you buy their regular SSL Certificate issued by a public CA.

We issue SecureNT Intranet SSL certificate in PEM format with .cer extension. The PEM format is the most common format used for certificates. Extensions used for PEM certificates are cer, crt, and pem. They are Base64 encoded ASCII files. PEM formatted certificates contain the “Begin Certificate/End Certificate” statements. The DER format is the binary form of the certificate. DER formatted certificates do not contain the “BEGIN CERTIFICATE/END CERTIFICATE” statements. DER formatted certificates most often use the ‘.der’ extension. Root Certificates on Resource page are in DER format. In case, you want them in PEM format send Email to support@intranetssl.net

Internal names include hosts and domains that cannot be registered or resolved in public DNS e.g., server01 or server.local, localhost, etc.

Internal IP addresses cannot be registered for use on public networks. They include IPv4 or IPv6 addresses the Internet Assigned Numbers Authority (IANA) marks as reserved. The most common reserved ranges are 10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255, and 192.168.0.0- 192.168.255.255. More information is available here.

 Secure localhost, Server Name, Internal IP Address, Internal Domain, Sub-domain including Wildcard domain e.g., *.company.local

 Secure multiple servers using SAN values

 Certificates valid up to 10 years

 Install the same certificate on unlimited servers

 The certificate is issued with SecureNT Intranet Root & Intranet Intermediate CA chain. They are to be installed on each client’s machine.

 Fast Issuance, usually less than 24 hours

 Fast Expert Customer Support

 Automatic renewal reminders and early renewal options

 90-day free certificate for Single Domain. 30-day free certificate for Multi-domain and Wildcard.

 Certificates with Custom Root CA in the name of your Organization are available

 Client Authentication Certificates for Web-based Applications and Document Management Systems available

TLD is the acronym used for top-level domain. It’s the last segment of a domain name after the final dot.

A great example of a TDL is: .com

The IANA officially recognizes three types of TLDs:

• gTLD – Generic Top-Level Domains
• ccTLD – Country Code Top-Level Domains
• sTLD – Sponsored Top-Level Domains

Your TLD plays an important role in the Domain Name System (DNS). For more information click here.

When an internal/external IP Address is part of Common Name (CN) or Subject Alternative Name (SAN) care needs to be taken while generating the CSR.

If not done correctly then the latest browsers like Chrome and Edge give an error – “Your connection to this site is not secure.” Note that deprecated Microsoft Internet Explorer does not give any error in this case.

To avoid this problem please ensure that the IP address is mentioned in the SAN extension as DNS Name and IP Address.

A sample configuration file is shown below for Multi-domain Certificate with 1+3 SAN values, where CN has IP-Address-1 and SAN values are IP-Address-2, SAN-1, and SAN-2.

———

[req]
prompt = no
distinguished_name = dn
req_extensions = ext

[dn]
CN = IP-Address-1
O = Org Name
L = Location/City
ST = State/Province
C = 2 digit code

[ext]
subjectAltName = @alt_names

[alt_names]
IP.1 = IP-Address-1
IP.2 = IP-Address-2
DNS.1 = IP-Address-1
DNS.2 = IP-Address-2
DNS.3 = SAN-1
DNS.4 = SAN-2

———

Please follow the below steps.

a. Android 11+ Device

In Android 11+, to install a CA certificate, users need to manually:

1. Open Device settings
2. Go to ‘Security’
3. Go to ‘Encryption & Credentials’
4. Go to ‘Install from storage’ or ‘Install a certificate’ (depending on devices)
5. Select ‘CA Certificate’ from the list of types available
6. Accept a warning alert.
7. Browse to the certificate file on the device and open it
8. Confirm the certificate installation

b. On recent Samsung device:

Settings
-> Biometrics and security
-> Other security settings
-> Install from device storage
-> CA Certificate
-> Install Anyway

Check this:

1. Please check if you have installed Intranet Root/Intermediate CA Certificates on Windows PCs or Macs. If they are already installed then it could be an antivirus blocking access to the root certificate, thinking that is not a trusted root certificate. In this case, create an exception in the setting of the anti-virus to allow access to SecureNT Intranet root/intermediate CA certificates.
2. On Windows PCs ensure that Intranet Root CA Certificate is installed under “Trusted Root Certification Authorities”; and that Intranet Intermediate CA Certificate is installed under “Intermediate Certification Authorities”.

To install the SecureNT Intranet Root/Intermediate CA Certificates follow the steps given here. They need to be installed once, on each Windows client PC. On a Mac, customers will need to open Keychain Manager and explicitly trust each of the two root certificates.

To automate the installation of root certificates on multiple machines, one can use Microsoft’s Group Policy for PCs; and Parallel’s Device Management for Macs. Click here to find the installation details. (https://intranetssl.net/support/resources/)

Firefox does not use the operating system’s certificate store for storing the root certificates. So, the root certificate chain is added differently. Read this article for details. (https://support.mozilla.org/en-US/kb/setting-certificate-authorities-firefox)

This sometimes happens due to Antivirus or End Point Security software. They don’t trust non-public Root Certificates and tell the browser that the Intranet Root Certificate is not trusted.

In one case, we noticed that AVG antivirus intercepted the network connection by keeping its own SSL in between, passing an error to the browser that SecureNT Root Certificate is not trusted. The customer created an exception for the error and the browser error stopped.

This problem is not seen with Avast antivirus. Just for information.