Call the Team: (London Office)

30 days guarantee

Deprecation of ssl certificates securing internal domains: why, when and what to do

Get in touch now


Another satisfied customer

More info
Register your Domain Name
  • Bulk transfer domains
  • Register 400+ domain extensions
  • Free DNS management
  • Industry leading grace and redemption periods
  • No hidden fees


From the 31st October 2015, SSL certificates will be unable to secure local domains, internal IPs and server names. However SSL247® is offering a FREE solution* to keep your internal domain names secured:

  • Rename your local domains (.local, .lac, .loc) free
  • As a result of the renamed domain**your internal services stays secured.
    (Offer is subject to purchasing an SSL certificate with a minimum duration of 3 years***)

At SSL247® we understand your concerns regarding the transition, especially if you use applications from Microsoft like Exchange. To address these concerns, SSL247® has a process in place for 2007-2010 versions of Microsoft Exchange. For alternative types of servers, please contact your account manager who will be able to assist you throughout the process.

* For security concerns related to Microsoft Exchange versions 2007-2010, SSL247® already has a process in place to immediately provide advice. For alternative types of servers, please contact your account manager, who will be able to assist you though the process.

**The free domain name requested cannot already be in use (excluding transfer, renewal, and premium domain names). Extensions offered by SSL247® includes (dependent on country), .com, .org and .net.***Offer is valid for all Symantec, GlobalSign, GeoTrust, and Thawte branded SSL certificates, which are purchased from SSL247® with a minimum duration of three years.

Why SSL certificates will no longer secure internal domains, internal IPs, or server names.

One reason for the deprecation is the launch of hundreds of new gTLDs, which increased the risk of name collision between internal and public domains. However the CA/Browser forum’s internal domain deprecation guide claims the decision was primarily motivated by the potential security issues caused by internal domain SSL certificates:

“Because non‐unique names cannot be meaningfully validated in the context of the public Internet, and because of the potential for malicious misuse of such certificates, the CA/Browser Forum has decided to cease issuing them after a grace period to allow affected users to transition away from them.”

Keeping it short, the decision to deprecate the issuance of SSL certificates for internal needs was made to combat MITM (Man in the Middle) attacks inside private networks. Internal domain names / IPs and server names cannot be vetted during the issuance process, and therefore should no longer be used. Unfortunately a major underlying issue remained: what should you do if your network infrastructure relies on local domain names/ IPs and servers?

If you have any questions, feel free to contact one of our accredited experts to find out more.

    (London Office)

Share this:

Posted on Tuesday 22 September 2015 by

Return to blog

Send us your comments

Your comment will not be published. If you have a question, do not forget to write your email address so that we can get back to you!


Norton seals are viewed more than half a billion times a day on more than 100,000 websites in 170 countries and in search results on enabled browsers, as well as partner shopping sites and product review pages. When website visitors see the Norton Trust Seal, they are less likely to abandon a transaction and more likely to do business with you online.

SSL Certificates

Our Partnerships
Our Accreditations
Our Trust Seal
Sitemap | Cookies | Legal
© 2017 . All rights reserved. SSL247 Limited is registered in England No: 5802692 | Tel:

Cookies SSL247 uses cookies to provide you a seamless user experience. For more information please read our Terms & conditions. Continue