
Can I issue a certificate using an IP Address or Internal Server Name?


Yes, but only for Organizational Validated (OV) certificate types, and only for IP Addresses.

Extended Validation (EV) certificates may not be issued with the use of IP Addresses or Internal Server Names.

(Learn more below: Background - Ballot 144 - Extended Validation - How can I obtain a certificate for my Internal Server Name?)

Background

Subject Alternative Names (SANs) may be added to any non-standard SSL/TLS certificate. These are domain names that can be secured in addition to the primary domain name being secured by that certificate.

The regulations around the issuance of SSL/TLS certificates govern the use of SANs. The Certificate Authority/Browser (CA/B) Forum (https://cabforum.org/) is a voluntary group of certification authorities (CAs), vendors of Internet browser software, and suppliers of other applications that use X.509 v.3 digital certificates for SSL/TLS and code signing. The Forum determines the Baseline Requirements that promote secure use of these certificates.

Ballot 144

Effective May 1, 2015.
The CA/B Forum enacted in Ballot 144, section 9.2.1 Subject Alternative Name Extension:

Each entry MUST be either a dNSName containing the Fully-Qualified Domain Name or an IPAddress containing the IP address of a server. The CA MUST confirm that the Applicant controls the Fully-Qualified Domain Name or IP address or has been granted the right to use it by the Domain Name Registrant or IP address assignee, as appropriate.

This means that certificates can be issued for IP Addresses, but not for Internal Server Names.

The reason for this is that Organizational Validated (OV) certificates (which are the first level of digital certificate to support SANs) display an authenticated identity. IP Addresses are unique, whereas Internal Server Names may be used multiple times by multiple organizations (e.g. "mail.internal"). Thus, Internal Server Names cannot be authenticated to single identities and therefore cannot be validated at the proper level of authentication standards.
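The rule above can be applied to the SAN list of a request before it is sent to a CA. The following is an added example, not Entrust code: the function names and the small TLD sample are assumptions made for illustration, and a real check would load the current IANA root zone list.

```python
import ipaddress

# Constructed sample of publicly delegated TLDs (assumption for this example).
# A real check would load the current IANA root zone TLD list instead.
SAMPLE_PUBLIC_TLDS = {"com", "net", "org", "ca", "jp"}


def classify_san(entry: str) -> str:
    """Return 'ip', 'fqdn' or 'internal-name' for one SAN value."""
    value = entry.strip().rstrip(".").lower()
    try:
        ipaddress.ip_address(value)  # accepts IPv4 and IPv6 literals
        return "ip"
    except ValueError:
        pass
    labels = value.split(".")
    # A single label ("intranet") or a suffix outside the public root
    # ("mail.internal") cannot be tied to one registrant.
    if len(labels) < 2 or labels[-1] not in SAMPLE_PUBLIC_TLDS:
        return "internal-name"
    return "fqdn"


def review_request(cert_type: str, san_entries: list[str]) -> list[str]:
    """List the SAN entries that the rules on this page rule out."""
    refused = []
    for entry in san_entries:
        kind = classify_san(entry)
        if kind == "internal-name":
            refused.append(f"{entry}: internal server name, not allowed")
        elif kind == "ip" and cert_type.upper() != "OV":
            refused.append(f"{entry}: IP address only allowed in OV")
    return refused


if __name__ == "__main__":
    # Constructed request; 192.0.2.10 is a documentation address.
    sans = ["www.example.com", "192.0.2.10", "mail.internal", "intranet"]
    for cert_type in ("OV", "EV"):
        print(cert_type, review_request(cert_type, sans))
```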

This requirement was fully implemented in Entrust Certificate Services as of October 23, 2016, although Entrust Datacard proactively adhered to this standard before that date, as well as before the effective date of the requirement.

Extended Validation

Extended Validation (EV) SSL/TLS certificates provide the highest level of browser authentication and security, and thus undergo the most rigorous verification checks of all digital certificate types. The regulations surrounding the issuance of EV do not authorize their use to protect IP Addresses or Internal Server Names.

As noted previously, however, IP Addresses may be secured with OV SSL/TLS certificates.

How can I obtain a certificate for my Internal Server Name?

You must create a self-signed certificate, or associate the Internal Server Name with a publicly-facing domain name that is owned by and registered to your organization and obtain a certificate using that domain name. Alternatively, you may request a certificate for the Internal Server Name from a Certificate Authority using an IP Address for that server.

If you have any questions or concerns, please contact the Entrust Certificate Services Support department for further assistance:

Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE: It is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as a UITF toll free call.

Number
Australia 0011 - 800-3687-7863
1-800-767-513
Austria 00 - 800-3687-7863
Belgium 00 - 800-3687-7863
Denmark 00 - 800-3687-7863
Finland 990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet)
France 00 - 800-3687-7863
Germany 00 - 800-3687-7863
Hong Kong 001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax)
Ireland 00 - 800-3687-7863
Israel 014 - 800-3687-7863
Italy 00 - 800-3687-7863
Japan 001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
Korea 001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom)
Malaysia 00 - 800-3687-7863
Netherlands 00 - 800-3687-7863
New Zealand 00 - 800-3687-7863
0800-4413101
Norway 00 - 800-3687-7863
Singapore 001 - 800-3687-7863
Spain 00 - 800-3687-7863
Sweden 00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2)
Switzerland 00 - 800-3687-7863
Taiwan 00 - 800-3687-7863
United Kingdom 00 - 800-3687-7863
0800 121 6078
+44 (0) 118 953 3088