Certificate Authorities, browsers, and industry groups are constantly improving standards. The updated Baseline Requirements for the issuance of certificates (BR v1.1.6) include some of the changes that you might find out when requesting a new certificate or renewing an existing one.
Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, Version 1.1.6
Adopted by CA/Browser Forum (includes over 30 CA members and major browser vendors: Microsoft, Apple, Mozilla, Google, Opera) Effective as of July 29, 2013
• CA SHALL NOT issue a certificate with an Expiry Date later than 1 November 2015 with a SAN or Subject Common Name field containing a Reserved IP Address or Internal Server Name • Effective 1 October 2016, CAs SHALL revoke all unexpired Certificates whose SAN or Subject Common Name field contains a Reserved IP Address or Internal Server Name
In the updated version of our Screencast , we address these requirements by:
• Configuring Split-Brain DNS or Pin-Point DNS zones on the local network. We demonstrate both approaches, so you can choose the one that fits better your needs.
• Modifying the Exchange 2010 internal URL
• Requesting and installing a GoDaddy Multiple Domain certificate (UCC) that doesn’t use our Internal Server’s name.
Tweet #Exchange2010 Follow @netometer