New rules mean brand owners must review SSL certificates now

Recent rule changes mean that certain digital certificates will no longer be trusted, potentially putting domains and valuable information at risk. CSC recommends that all brand holders review certificates now to find out whether this change affects them.

locks-cmykWhat are digital certificates?
Also known as SSL certificates, they encrypt session information and assure users that they are visiting a legitimate, trusted website. Digital certificates are visible via the ‘https’ prefix or the green address bar that tell you a website is safe.

Which digital certificates are affected?
The new rules affect certificates that contain a reserved IP address or internal server name. Examples are:

Yourcompany.local or 192.168.0.0

Why the change and what does it mean?
If names are not unique, there is a potential security risk. With the arrival of new generic top-level domains (gTLDs), new domains such as .local will clash with internal server names.

When does this take effect?
As of now, certificate authorities such as Symantec, TrustedSecure and Comodo will not issue certificates for internal server names after October 31, 2014. Existing certificates will be revoked on October 31, 2016. However when a new gTLD is launched, any certificate for a matching internal server name (like .local) will be revoked immediately.

What are the consequences for my business?
If you are affected by this change and don’t take action, your domains will be insecure once digital certificates expire or are revoked, and a warning message will appear when users visit the site.

What action should you take?
We recommend that organizations take the following steps:

  1. Review your SSL portfolio to find any certificates issued to internal server names or reserved IP addresses.
  2. Work with your technical team to replace these internal server names or reserved IP addresses with unambiguous fully qualified domain names (FQDNs) like local.yourcompany.com.
  3. Request a new certificate for the FQDN.
  4. Revoke certificates issued to internal server names or reserved IP addresses.


CSC and digital certificates

CSC provides TrustedSecure® and Symantec® digital certificates and our Brand Advisory Team provides complimentary advice on how to manage SSL portfolios. Learn more on our Digital Certificates services page.