Confirmed users, Administrators
5,526
edits
CA/Forbidden or Problematic Practices: Difference between revisions
CA/Forbidden or Problematic Practices (view source)
Revision as of 23:29, 25 October 2018
, 25 October 2018updated referenced section numbers and quotes
(updated referenced section numbers and quotes, made more clear) |
(updated referenced section numbers and quotes) |
||
| Line 27: | Line 27: | ||
=== Certificates Referencing Local Names or Private IP Addresses === | === Certificates Referencing Local Names or Private IP Addresses === | ||
This is forbidden by the | This is forbidden by Section 7.1.4.2.1 of the [https://cabforum.org/baseline-requirements-documents/ Baseline Requirements], which says: | ||
* As of the Effective Date of these Requirements, prior to the issuance of a Certificate with a subjectAlternativeName extension or Subject commonName field containing a Reserved IP Address or Internal Name, the CA SHALL notify the Applicant that the use of such Certificates has been deprecated by the CA / Browser Forum and that the practice will be eliminated by October 2016. Also as of the Effective Date, the CA SHALL NOT issue a certificate with an Expiry Date later than 1 November 2015 with a subjectAlternativeName extension or Subject commonName field containing a Reserved IP Address or Internal Name. Effective 1 October 2016, CAs SHALL revoke all unexpired Certificates whose subjectAlternativeName extension or Subject commonName field contains a Reserved IP Address or Internal Name. | |||
=== Issuing SSL Certificates for .int Domains === | === Issuing SSL Certificates for .int Domains === | ||