10-17-2015 01:43 PM
As most of you will hopefully know come November the 1st 2015 there is a change in the way the CA's will/will-not issue Public Certificates. I've capture these changes and updated the Certificate 101 TechNote. You can find the guidance and details about that change in a 2-page section I've added.
All publicly trusted SSL Certificates issued to internal names and reserved IP addresses will expire before November 1, 2015.
In November 2011, the CA/Browser Forum (CA/B) adopted Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates that took effect on July 1, 2012.
These requirements state:
CAs should notify applicants prior to issuance that use of certificates with a Subject Alternative Name (SAN) extension or a Subject Common Name field containing a reserved IP address or internal server name has been deprecated by the CA/B.
CAs should not issue a certificate with an expiration date later than November 1, 2015 with a SAN or Subject Common Name field containing a reserved IP address or internal server Name.
The technote is available in the usual location on the support site here:- CPPM - Certificates 101 TechNote V1.2.pdf
Snr Tech Marketing Engineer - ClearPass
-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
10-20-2015 08:05 AM
Now we just need some native LetsEncrypt certificate enrollment in CPPM and the controllers!