Yes, however,
only for Organizational Validated (OV) certificate types
, and only for
IP Addresses
.
Extended Validation (EV) certificates may not be issued with
the use of IP Addresses or Internal Server Names.
(
Learn more below
:
Background
-
Ballot 144
-
Extended Validation
-
How can I obtain a certificate for my Internal Server Name?
)
Background
Subject Alternative Names (SANs) may be added to any non-standard SSL/TLS certificate. These are domain names that can be secured in addition to the primary domain name being secured by that certificate.
The regulations around the issuance of SSL/TLS certificates oversee the use of SANs. The Certificate Authority/Browser (CA/B) Forum (
https://cabforum.org/
) is a voluntary group of certification authorities (CAs), vendors of Internet browser software, and suppliers of other applications that use X.509 v.3 digital certificates for SSL/TLS and code signing and determine Baseline Requirements that promote secure use of these certificates.
Ballot 144
Effective May 1, 2015.
The CA/B Forum enacted in
Ballot 144
, section 9.2.1 Subject Alternative Name Extension:
Each entry MUST be either a dNSName containing the Fully-Qualified Domain Name or an IPAddress containing the IP address of a server. The CA MUST confirm that the Applicant controls the Fully-Qualified Domain Name or IP address or has been granted the right to use it by the Domain Name Registrant or IP address assignee, as appropriate.
This means that certificates can be issued for IP Addresses, however,
not
for Internal Server Names.
Note that the reason for this is that Organizational Validated (OV) certificates (which are the first level of digital certificate to support SANs) display an authenticated identity. IP Addresses are unique, whereas Internal Server Names may be used multiple times by multiple organizations (e.g. "mail.internal"). Thus, Internal Server Names cannot be authenticated to single identities and therefore cannot be validated at the proper level of authentication standards.
This requirement was fully implemented in Entrust Certificate Services as of October 23, 2016, although Entrust Datacard proactively adhered to this standard before this as well as the effective date of the requirement.
Extended Validation
Extended Validation (EV) SSL/TLS certificates provide the highest level of browser authentication and security, and thus undergo the most rigorous verification checks of all digital certificate types. The regulations surrounding the issuance of EV
do not authorize their use to protect IP Addresses or Internal Server Names
.
As noted previously, however,
IP Addresses
may be secured with OV SSL/TLS certificates.
How can I obtain a certificate for my Internal Server Name?
You must create a self-signed certificate, or associate the Internal Server Name to a publicly-facing domain name that is owned by and registered to your organization and obtain a certificate using that domain name. Or you may request a certificate for the Internal Server Name from a Certificate Authority using a IP Address for that server.
If you have any questions or concerns please contact the
Entrust Certificate Services Support
department for further assistance:
Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE: It is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.
Country | Number |
Australia |
0011 - 800-3687-7863
1-800-767-513 |
Austria | 00 - 800-3687-7863 |
Belgium | 00 - 800-3687-7863 |
Denmark | 00 - 800-3687-7863 |
Finland |
990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet) |
France | 00 - 800-3687-7863 |
Germany | 00 - 800-3687-7863 |
Hong Kong |
001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax) |
Ireland | 00 - 800-3687-7863 |
Israel | 014 - 800-3687-7863 |
Italy | 00 - 800-3687-7863 |
Japan |
001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ) 0061 - 800-3687-7863 (IDC) |
Korea |
001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom) |
Malaysia | 00 - 800-3687-7863 |
Netherlands | 00 - 800-3687-7863 |
New Zealand |
00 - 800-3687-7863
0800-4413101 |
Norway | 00 - 800-3687-7863 |
Singapore | 001 - 800-3687-7863 |
Spain | 00 - 800-3687-7863 |
Sweden |
00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2) |
Switzerland | 00 - 800-3687-7863 |
Taiwan | 00 - 800-3687-7863 |
United Kingdom |
00 - 800-3687-7863
0800 121 6078 +44 (0) 118 953 3088 |