Team ClearPass,
As most of you will hopefully know come November the 1st 2015 there is a change in the way the CA's will/will-not issue Public Certificates. I've capture these changes and updated the Certificate 101 TechNote. You can find the guidance and details about that change in a 2-page section I've added.
All publicly trusted SSL Certificates issued to internal names and reserved IP addresses will expire before November 1, 2015.
In November 2011, the CA/Browser Forum (CA/B) adopted Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates that took effect on July 1, 2012.
These requirements state:
CAs should notify applicants prior to issuance that use of certificates with a Subject Alternative Name (SAN) extension or a Subject Common Name field containing a reserved IP address or internal server name has been deprecated by the CA/B.
CAs should not issue a certificate with an expiration date later than November 1, 2015 with a SAN or Subject Common Name field containing a reserved IP address or internal server Name.
The technote is available in the usual location on the support site here:- CPPM - Certificates 101 TechNote V1.2.pdf