Can I request a certificate for an intranet name or IP address?
No - we no longer accept certificate requests for either intranet names or IP addresses. This is an industry-wide standard, not one specific to GoDaddy.
Here are example of the types of "common names" you cannot request certificates for:
|Intranet||server1, mail, server2.local|
Why does this policy exist?
為創造一個更安全的網絡環境，認證授權瀏覽器論壇 的成員將開會，為SSL憑證的實施準則定義。 結果，第三方憑證管理中心（CAs）必須撤銷該使用內聯網的名稱或 IP 地址的 SSL 憑證，由2016年10月1日起生效。
In short, this policy increases security. Because internal server names are not unique, they are vulnerable to man-in-the-middle (MITM) attacks. In a MITM attack, the attacker uses a copy of the real certificate or a duplicate certificate to intercept and retransmit messages. Because CAs issue multiple certificates for the same internal name, an attacker can make a valid request for a duplicate certificate and use it for the MITM.
What are my alternatives if I want to use an IP address?
Instead of securing IP addresses and intranet names, you should reconfigure servers to use Fully Qualified Domain Names (FQDNs), such as www.coolexample.com.
After configuring a FQDN to point to your IP address, you can generate a CSR for the domain name, and then request your certificate.
- After pointing a domain to your IP address, you can request a CSR for it