
Many organizations rely on internal server names or local IP addresses for hosting intranet applications as well as mail servers such as Microsoft Exchange. However, with the expansion of generic top-level domains (gTLDs) that began in 2013, it has become possible for internal server names to collide with real, publicly resolvable names: a suffix that once existed only on your LAN may now be a live TLD in the public DNS. For this reason, if you use internal server names for intranet applications, it is important to stay informed about which gTLDs have been approved and delegated.
One particular problem with using either internal server names or IP addresses is the potential for such conflicts to undermine certificates issued for SSL/TLS communications. Many companies have purchased special "intranet" certificates from public certificate authorities, issued to internal server names. This approach is easier for end users than using self-signed certificates and avoids the risky step of instructing users to click through browser warnings about an unverified certificate, which trains them to ignore the very warning that would flag an attacker's certificate. However, since an internal name cannot be verified as globally unique by an external authority and may conflict with future gTLDs, the CA/Browser Forum's Baseline Requirements ruled that any newly issued certificate for an internal name (or a reserved IP address) must not expire later than November 1st, 2015, and that all still-valid certificates for internal names must be revoked by October 1st, 2016.
Because of these changes, if you need a certificate to secure your mail server or other resources, you will have to either use fully qualified domain names or find a way to manage certificates internally. In the former case, you simply create a name such as mail.mydomain.com (replacing "mydomain.com" with your actual registered domain name), and the public CA can then validate your control of that domain before issuing; the name in the certificate must match the name clients actually use to reach the server. However, you may need to take additional steps to ensure that your server is still treated as an intranet server. Internet Explorer decides the security zone from the host name, and a dotted FQDN lands in the Internet zone by default, so you may need to assign it to the Local intranet zone through Group Policy (the "Site to Zone Assignment List" policy) rather than rely on the automatic detection that a bare host name would have triggered.
On the other hand, if you choose to manage certificates internally, there are a number of software packages to help you, such as OpenSSL (www.openssl.org) or Symantec Private CA (www.symantec.com/private-ssl). These options allow you to avoid fees for renewing certificates and provide better manageability than creating one-off self-signed certificates. The caveat is that a private CA is only trusted where its root certificate has been installed, so you must distribute that root to every client trust store (for domain-joined Windows machines, via Group Policy) and protect the CA's private key accordingly; otherwise users see the same warnings a self-signed certificate produces.
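The following script is an added example, not code from the original article or from any of the products it names. It shows the "manage certificates internally" route with the OpenSSL command-line tool: it builds a small private root CA, issues a server certificate whose subjectAltName carries the fully qualified name, and includes an audit function that counts SAN entries a public CA could never validate (a bare host name, a .local name, or an RFC 1918 address), which is the internal-name problem the CA/Browser Forum deadlines above addressed. It assumes `openssl` is on the PATH; "mydomain.com", the host names and the CA name are placeholders. The audit rule is a deliberate approximation of the Baseline Requirements definition, not a complete implementation of it.

```shell
#!/bin/sh
# Added example: a minimal private CA with the OpenSSL CLI, plus an audit for
# internal names in a certificate's SAN. Placeholders: mydomain.com, host names.
set -eu

# Create a root CA (private key + self-signed CA certificate) in directory $1.
make_private_ca() {
    dir=$1
    mkdir -p "$dir"
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions    = ca_ext
prompt             = no
[dn]
CN = Example Private Root CA
[ca_ext]
basicConstraints     = critical, CA:TRUE
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$dir/ca.cnf" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
}

# Issue a server certificate from the CA in $1 for the name in $2.
# The name is placed in subjectAltName; browsers ignore a CN that has no SAN.
issue_server_cert() {
    dir=$1; name=$2
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$name" \
        -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null
    cat > "$dir/$name.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage         = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName   = DNS:$name
EOF
    openssl x509 -req -sha256 -days 397 -in "$dir/$name.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/$name.ext" -out "$dir/$name.crt" 2>/dev/null
}

# Chain check: exit 0 only if $2.crt in $1 chains to our root.
verify_cert() {
    openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1
}

# Audit: print the number of SAN entries no public CA could validate, approximated
# here as a DNS name without a dot, a .local name, or an RFC 1918 IP address.
count_internal_sans() {
    openssl x509 -in "$1" -noout -text | tr ',' '\n' \
        | sed -n -e 's/^ *DNS://p' -e 's/^ *IP Address://p' \
        | grep -Eic '^[^.]+$|\.local$|^10\.|^192\.168\.|^172\.(1[6-9]|2[0-9]|3[01])\.' \
        || true
}

# Demo (set RUN_DEMO=1): build a CA, issue a FQDN cert and a bare-host-name cert,
# then audit both. The bare name "mail" is the kind of certificate public CAs had
# to stop issuing; a private CA may still issue it, but only to clients that trust this root.
if [ "${RUN_DEMO:-0}" = 1 ]; then
    work=$(mktemp -d)
    make_private_ca "$work"
    issue_server_cert "$work" mail.mydomain.com
    issue_server_cert "$work" mail
    verify_cert "$work" mail.mydomain.com && echo "chain OK: mail.mydomain.com"
    echo "internal SANs in mail.mydomain.com.crt: $(count_internal_sans "$work/mail.mydomain.com.crt")"
    echo "internal SANs in mail.crt: $(count_internal_sans "$work/mail.crt")"
fi
```

Run it with `RUN_DEMO=1 sh private-ca.sh`; the FQDN certificate verifies against the root and reports zero internal names, while the bare "mail" certificate reports one. The same `count_internal_sans` check can be pointed at any PEM file you already have deployed to find certificates that a public CA would have had to revoke. Keep `ca.key` off the servers that only need `ca.crt`, and note that the script writes no CRL or OCSP responder; a real deployment needs a revocation mechanism before the root is pushed to client trust stores.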