New Private SSL Certificates enable continued internal use of
non-registered domain names
DALLAS, Feb. 12, 2014 /CNW/ - The use of non-fully qualified domain names (FQDN) in
publicly trusted certificates is being deprecated by November 1, 2015, and existing certificates containing non-FQDNs will be revoked by all
public certification authorities by October 1, 2016. To help simplify this change, Entrust, Inc. introduces Private SSL Certificates that provide organizations an easy and affordable method
for the continued use of non-registered domain names.
"While this is an important change to help strengthen the CA trust
infrastructure, Entrust strongly believes there should be simple means
for organizations to properly adapt to the new policies," said David Rockvam, Entrust Senior Vice President of Product Management and SaaS
Offerings. "This new type of internal SSL certificate helps ensure
security is not compromised and wholesale changes aren't required
within the organization."
Per the CA/Browser Forum's latest Baseline Requirements, publicly trusted SSL certificates that use non-registered domains
represent security vulnerabilities in the SSL trust chain. As a
convenience for users, many servers in corporate networks are reachable
by local names such as "mail," "wiki" or "hr." Most publicly trusted certificates for non-unique names are deployed
in the context of local networks to enable trust in these local names
without the additional cost of provisioning a new trust root to
This may be especially desirable for networks lacking centralized policy
deployment and management tools, such as "Bring Your Own Device"
environments. Unfortunately, even these legitimate deployments come
with hidden dangers, and such certificates are frequently misused.
To combat this vulnerability, Entrust Private SSL Certificates provide
the same key sizes, signing algorithms, validity periods and CA
protection as Entrust's proven publicly trusted SSL certificates — all
issued via a private shared CA that ensures no two names are alike.
As an alternative, an organization also may elect to switch all internal
SSL certificates to FQDNs and continue to use publicly trusted SSL
certificates. Root certificate trust is automatically delivered by the
operating system or the browser without the organization's IT
involvement. Properly changing domain names, however, could take an
extended period of time — or even break integrations — as they may be
hard-coded into existing applications.
To help organizations understand the changes, Entrust offers a
complimentary white paper, "Guidance on Non-FQDNs: The Deprecation of Internal Server Names and
Reserved IP Addresses," which explains the policy modifications, why they were implemented and
recommendations for possible options moving forward under the new
Entrust Certificate Services provide organizations with SSL and
specialty digital certificates that are proven, cost-effective and
supported by standards-based technology. Entrust's public root is
ubiquitous on more than 99.9 percent of desktop and mobile browsers.
To learn more about Entrust Private SSL Certificates, visit entrust.com/PrivateSSL.
A trusted provider of identity-based security solutions, Entrust secures
governments, enterprises and financial institutions in more than 5,000
organizations spanning 85 countries. Entrust's award-winning software
authentication platforms manage today's most secure identity
credentials, addressing customer pain points for cloud and mobile
security, physical and logical access, citizen eID initiatives,
certificate management and SSL. For more information about Entrust
products and services, call 888-690-2424, email email@example.com or visit www.entrust.com.
Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. In Canada, Entrust is a registered trademark of Entrust Limited. All Entrust
product names are trademarks or registered trademarks of Entrust, Inc.
or Entrust Limited. All other company and product names are trademarks
or registered trademarks of their respective owners.
SOURCE: Entrust, Inc.
For further information:
Lindsey Lockhart, Media Relations, 972-728-0374, firstname.lastname@example.org