SlideShare uma empresa Scribd logo

Public san certificate deprecated support in the internal server name part 19#36

Eyal Doron
Eyal Doron

The document discusses changes to the standards for public SAN certificates by the CA/Browser Forum. As of November 1, 2015, certificates will no longer be able to include non-unique names, also called internal server names, that cannot be externally verified. This is because such names pose a security risk, as they are not truly unique and could be falsely represented. The changes will affect services that currently use certificates for internal server names, requiring administrators to prepare by obtaining new certificates without such names before the deadline. Failure to do so could result in issues ranging from annoyances to catastrophic consequences for their systems and services.

Tecnologia
1 de 21
Baixar para ler offline
Page 1 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 Public SAN certificate | Deprecated support in the internal server name | Part 19#36 In the current article, we will review the subject of – “Invalid Fully Qualified Domain Names” in SAN certificate. The interesting thing is that at the current time (2014), there is not too much public information about this subject, but although this subject seems to be minor and not “cool”, the Implications of this new standard could be quite dramatic and serious. Allowing myself to be a little dramatic, I relate to the new public certificate standard as the- “The revolution of 1 November 2015”.
Page 2 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 As of the date of – 1 November 2015, there will be no option to enroll in a new public certificate or renew existing public certificate that includes Non-unique names. In other words – you will not be able to publish internal or external host who provides a specific service by using a certificate that includes Non-unique names. And as usual, in this stage, there are many relevant questions that could appear: Q1. What is the meaning of Invalid Fully Qualified Domain Names? Q2. What is the meaning of Non-unique names? Q3. What are the relations or the connection to SAN certificate? Q4. To what organization services, and infrastructures does this issue relate? Q5. How to prepare myself for this change? I will try to answer some of this question in details in the following section, but, regarding question number 4 – “To what organization services and infrastructures does this issue relate”, is important to emphasize that this subject is huge, and the answer can relate to Dozens or even hundreds of different services but in the current article I relate mainly to the Microsoft Exchange server infrastructure.
Page 3 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 Regarding question number 5 – the “how part” answer appears in more details in the former article – Exchange infrastructure | Implementing single domain namespace scheme | Part 2#2 | Part 18#36 Note – despite the “declaration” about the relevance of the Exchange infrastructure, most of the information is relevant for any other infrastructure and even for non- Microsoft operating systems. WHY SHOULD I CARE ABOUT THE SUBJECT OF – PUBLIC SAN CERTIFICATE | DEPRECATED SUPPORT IN – INTERNAL SERVER NAME? (NON-UNIQUE NAMES)? As mentioned, the subject at the end of support for the Internal server name in the Public SAN certificate, doesn’t make too much noise, but it is a very important subject that relates to the most basic organizing services and infrastructure begging with the websites, Exchange infrastructure and much more. Q: In the case that I would prefer to ignore this subject, what could be the consequence? A: I’m not a prophet, but I can predict that the consequence could be begging from annoying, up to be catastrophic.
Page 4 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 As an IT administrator or, as an Exchange server infrastructure advisor, you owe yourself and your users to be familiar with the “new public certificate standard”, understand the meaning of this standard, plan for the required changes and implemented the changesupdates before the last day.
Page 5 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 So what is all about? The rustling and rattling is about the fact that in case that organization infrastructure such as Exchange CAS server use an SAN certificate that includes a single host name or an FQDN with a private domain name, you will not be able to renew this certificate as of the date 1 November 2015.
Page 6 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 Another way to show the reluctance of the CA/Browser Forum – Public SAN certificate that includes Internal Server name? (Non-unique names) appears in the following picture.
Page 7 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 Note – I must admit that I have I got carried away but, I could not resist the temptation of adding this wonderful cat picture! Q1: Who is the persona that makes my life so hard? A1: CA/Browser Forum Q2: Who isareit the CA/Browser Forum? A2: The definition that appears in Wikipedia is: The Certification Authority Browser Forum, also known as the CA / Browser Forum, is a voluntary consortium of certification authorities, vendors of Internet browser software, operating systems, and other PKI-enabled applications that promulgates industry guidelines governing the issuance and management of X.509 v. 3 digital certificates that chain to a trust anchor embedded in such applications.
Page 8 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 Its guidelines cover certificates used for the SSL/TLS protocol and code signing, as well as system and network security of certificate authorities. As of July 2013, the CA/Browser Forum includes over 30 Certificate Authority members and the following five Internet Browser Software Vendors: Microsoft (Internet Explorer), Apple (Safari), Mozilla (Firefox), Google (Chrome), and Opera. [Source of information CA/Browser Forum] The point – we should need to this “Forum” very seriousness! For more information, you can visit the CA/Browser Forum website (cabforum) Q: What is the reason to stop using the internal name in my public certificate? A: The reason that is given for the change is that the internal server names are not unique and therefore easy to falsify. With common names like server01 or webmail, the end user is never sure if it is actually dealing with the right party or with a malicious. The changing legislation for SSL Certificates shall start on 1 November 2015. This means, from that date, the invalid Fully-Qualified Domain Names (hereafter called FQDN) will no longer be accepted at the standard of the CA/Browser Forum and after that date such certificates may no longer be issued. All certificates issued after 1 November 2015 and meet this qualification will be revoked upon discovery. [Source of information – Global changes in legislation regarding SAN SSL Certificates]
Page 9 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 In November 2011, the CA/Browser Forum (CA/B) adopted Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates that took effect on July 1, 2012. These requirements state: As of the Effective Date of these Requirements, prior to the issuance of a Certificate with a Subject Alternative Name (SAN) extension or Subject Common Name field containing a Reserved IP Address or Internal Server Name, the CA shall notify the Applicant that the use of such Certificates has been deprecated by the CA / Browser Forum and that the practice will be eliminated by October 2016. Also as of the Effective Date, the CA shall not issue a certificate with an Expiry Date later than 1 November 2015 with a SAN or Subject Common Name field containing a Reserved IP Address or Internal Server Name. As from 1 October 2016, CAs shall revoke all unexpired Certificates.” “Because of these new requirements, Certificate Authorities (CAs) must immediately begin to phase out the issuance of SSL Certificates for internal server names or reserved IP addresses and eliminate (revoke) any certificates containing internal names by October 2016. In addition, the baseline requirements prevent CAs from issuing internal name certificates that expire after November 1, 2015. After 2015 it will be impossible to obtain a publicly-trusted certificate for any host name that cannot be externally verified. [Source of information – SSL Certificates for Internal Server Names] What is an SAN public certificate? The simple explanation for the term “SAN certificate” is – a public certificate that includes a list of one or more hosts names, which are “entitled” to use the specific certificate.
Page 10 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 For example, an SAN certificate that includes the host name – mail.o365info.com When we need to implement secure communication channel using protocols such as HTTPS, the “server side” proves his identity to the client by presenting an “approved” certificate. For example – when a client address host named mail.o365info.com, the server will reply by proving the client a certificate, which include the host name in the “Subject Alternative Name” filed. In case that the host name doesn’t appear upon the certificate, the certificate considered as not valid.
Page 11 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 The formal definition of an SAN certificate as it appears in Wikipedia is: SubjectAltName (SAN) is an extension to X.509 that allows various values to be associated with a security certificate. These values are called “Subject Alternative Names”, or SANs. Names include:  E-mail addresses  IP addresses  URIs  DNS names (Otherwise often given as a Common Name RDN within the Subject)
Page 12 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015  directory names (alternative Distinguished Names to that given in the Subject)  other names, given as a General Name – an registered object identifier followed by a value.  SubjectAltName [Source of information: SubjectAltName] WHY DOES THE USE OF THE INTERNAL SERVER NAME (NON-UNIQUE NAMES) COULD BE TRANSLATED INTO A SECURITY RISK Using an Internal Server name? (Non-unique names) is a public SAN certificate can lead to a scenario of the security vulnerability or exploit. Regarding the subject of security vulnerability, I choose to make my life easier and provide the answer for this question by using a very clear and informative PDF that was published by the CA/Browser Forum named –Guidance on the Deprecation of Internal Server Certification Authorities enable the establishment of trust on the Internet by issuing certificates that bind cryptographic public key material to verify identities” “The key distinction between the two types of names and addresses is uniqueness. A fully qualified domain name like “www.cabforum.org” represents a unique and Distinct identity on the Internet (even if multiple servers respond to that name, the control of that name belongs to a single entity). In contrast, at any given time, there may be thousands of systems on public and private networks that could respond to the unqualified name “www”. Only one logical host on the Internet has the IP address “97.74.42.11”, while there are tens of thousands of home Internet gateways that have the address “192.168.0.1”
Page 13 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 “The purpose of certificates issued by publicly trusted Certification Authorities is to provide trust in names across the scope of the entire Internet. Non-unique names, by their very nature, cannot be attested to outside their local context, and such certificates can be dangerously misused, so, as of the effective date of the BR 1.0, issuance of certificates for non-unique names and addresses, such as “www”, “www.local”, or “192.168.0.1” is deprecated. What are Non-unique Names? Well, this is the tricky part because we need to explain an Intangible concept and additionally, there are many parallel words, which described the similar or the same concept. The main subject of this article, relate to the new standard of public SAN certificate that states that – in the very near future (1 November 2015) a there is not support for Non-Unique Names or Invalid Fully Qualified Domain Names.
Page 14 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 In the following diagram, we can see a list of – ”Non-unique Names”, that will be considered as “not allowed” or not supported in an SAN public certificate beginning with 1 November 2015
Page 15 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 Let’s admits, the term – ”Non-unique Names” is a little vague. The reason for this ambiguity is because the term – ”Non-unique Names”, can be translated or converted into a couple of parallel terms. To clarify this term, let’s use a basic classification for two name space categories: Single name address space verse FQDN (Fully qualified Doman Name) address space. 1. Single name address space The “Single names address space” and all of the above terms, describe a naming convention that is based on a single name. This is that exact naming convention that we use for our personal name. Each of us, have a personal name, but we cannot relate to this name as a “unique identifier” because, there is a very a reasonable chance, that other people use this name. In the network environment, we can refer to a host by using a single name address space. This method of relating to a specific host by using a Single name address space described also by using the following terms:
Page 16 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015  Internal Server Name  Single Host name  Local names  Short Name  NetBIOS Name  Link-Local Multicast Name 2. FQDN (Fully Qualified Doman Name) address space The term FQDN (fully qualified domain name) defines, as the name implies, a “Full name” that is built from a host name + Domain name suffix. Each of these “parts” in a FQDN name is not unique, but the combination of host name and the domain name create a “unique name” or a Fully Qualified Doman Name. The term – ”FQDN” can also be dived to two main categories: 1. Public FQDN A public FQDN is a host name who has a public domain name suffix. There could be a couple of formal definitions for the term- “public domain name” but if we want to make it simple, the meaning is a domain that was purchased from a public ISPProviders who sell public domain names. The public domain name should be registered, so after we have purchased the public domain name, nobody else can buy this domain name. 2. Private FQDN The term – “private FQDN”, describe a FQDN name who uses a domain suffix that considers as private or, not public domain names suffix. The advantage of a private domain name suffix is that is free and everybody is “allowed” to use it. The only issue is that the private domain name, can only be used in an internal network. In other words, we cannot publish a host in the public network by using a FQDN that includes a private domain name.
Page 17 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 When relating to Active Directory domain name, the common practice was to “segregate” the internal organization’s network from the public network, by using a private domain name for the Active Directory. The “theory” was that – we should separate and segregate internal host from the public network by providing them a private name who cannot be published on the public network and by doing so, protecting this host from malicious elements. Public SAN certificate | Deprecated support in – Internal Server name? (Non-unique names) In this section, I would like to review the subject of the CA/Browser Forum announcement about- baseline requirements for the Issuance and management of publicly trusted Certificates and Deprecated support in: Internal Server name? (Non-unique names) that will start in 1 November 2015. Let’s start with the explanation of the term- Internal Server name (Non-unique names). The “translation” of this term could be:  Single name  FQDN name with a private domain name
Page 18 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 1. Single name One translation of the term- “Internal Server name”? (Non-unique names) is – host name who uses a “single name space” as the host name. An example for such as host name is the server named- mail In the diagram, we can see additional synonym for the term “Single host name” such as- Local names, Short Name etc. This type of a host name, will be no longer supported when using an SAN public certificate as of the date 1 November 2015.
Page 19 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 2. FQDN name with a private domain name. The second “translation” of the term “Internal Server name”? (Non-unique names) is – FQDN name who uses a private domain name suffix. The new standard of the public SAN certificate will not support host name who uses a domain name suffix that is not a public domain name suffix. Additional synonyms for this type of host FQDN are:  Invalid Fully Qualified Domain Name  Unregistered Domain Name  Private Domain Name
Page 20 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 Additional reading Information about the new standard – cabforum  Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, v.1.0  Guidance on the Deprecation of Internal Server General Information about the new standard  CA:Problematic Practices  Invalid Fully Qualified Domain Names no longer accepted in Subject Alternative Names (SANS) in SSL certficates  Modify .local in Exchange 2010  Global changes in legislation regarding SAN SSL Certificates
Page 21 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015  No internal server names on SAN certificates after 2015 – where are the procedures? Information from public CA companies  SSL Certificates for Internal Server Names  Unqualified Names in the SSL Observatory  Fully-qualified Nonsense in the SSL Observatory  Root Zone Database

Recomendados

Co|Create Website Documentation Guidebook
Co|Create Website Documentation GuidebookCo|Create Website Documentation Guidebook
Co|Create Website Documentation GuidebookJon Wretlind, BFA, MDiv
 
BizTalk: Server, Services and Apps
BizTalk: Server, Services and AppsBizTalk: Server, Services and Apps
BizTalk: Server, Services and AppsSandro Pereira
 
Mail migration to office 365 optimizing the mail migration throughput - par...
Mail migration to office 365 optimizing the mail migration throughput - par...Mail migration to office 365 optimizing the mail migration throughput - par...
Mail migration to office 365 optimizing the mail migration throughput - par...Eyal Doron
 
TAM-2012-14 GMS Elathur Sengottai -Health is Wealth
TAM-2012-14 GMS Elathur Sengottai -Health is WealthTAM-2012-14 GMS Elathur Sengottai -Health is Wealth
TAM-2012-14 GMS Elathur Sengottai -Health is Wealthdesignforchangechallenge
 
Exchange clients and their public facing exchange server part 13#36
Exchange clients and their public facing exchange server part 13#36Exchange clients and their public facing exchange server part 13#36
Exchange clients and their public facing exchange server part 13#36Eyal Doron
 
Exchange infrastructure implementing single domain namespace scheme part 2#...
Exchange infrastructure implementing single domain namespace scheme part 2#...Exchange infrastructure implementing single domain namespace scheme part 2#...
Exchange infrastructure implementing single domain namespace scheme part 2#...Eyal Doron
 
Aletras, Nikolaos and Stevenson, Mark (2013) "Evaluating Topic Coherence Us...
Aletras, Nikolaos and Stevenson, Mark (2013) "Evaluating Topic Coherence Us...Aletras, Nikolaos and Stevenson, Mark (2013) "Evaluating Topic Coherence Us...
Aletras, Nikolaos and Stevenson, Mark (2013) "Evaluating Topic Coherence Us...pathsproject
 
Canciones del colegio
Canciones del colegioCanciones del colegio
Canciones del colegioTrini Martínez Ballesteros
 

Recomendados

Co|Create Website Documentation Guidebook
Co|Create Website Documentation GuidebookCo|Create Website Documentation Guidebook
Co|Create Website Documentation GuidebookJon Wretlind, BFA, MDiv
 
BizTalk: Server, Services and Apps
BizTalk: Server, Services and AppsBizTalk: Server, Services and Apps
BizTalk: Server, Services and AppsSandro Pereira
 
Mail migration to office 365 optimizing the mail migration throughput - par...
Mail migration to office 365 optimizing the mail migration throughput - par...Mail migration to office 365 optimizing the mail migration throughput - par...
Mail migration to office 365 optimizing the mail migration throughput - par...Eyal Doron
 
TAM-2012-14 GMS Elathur Sengottai -Health is Wealth
TAM-2012-14 GMS Elathur Sengottai -Health is WealthTAM-2012-14 GMS Elathur Sengottai -Health is Wealth
TAM-2012-14 GMS Elathur Sengottai -Health is Wealthdesignforchangechallenge
 
Exchange clients and their public facing exchange server part 13#36
Exchange clients and their public facing exchange server part 13#36Exchange clients and their public facing exchange server part 13#36
Exchange clients and their public facing exchange server part 13#36Eyal Doron
 
Exchange infrastructure implementing single domain namespace scheme part 2#...
Exchange infrastructure implementing single domain namespace scheme part 2#...Exchange infrastructure implementing single domain namespace scheme part 2#...
Exchange infrastructure implementing single domain namespace scheme part 2#...Eyal Doron
 
Aletras, Nikolaos and Stevenson, Mark (2013) "Evaluating Topic Coherence Us...
Aletras, Nikolaos and Stevenson, Mark (2013) "Evaluating Topic Coherence Us...Aletras, Nikolaos and Stevenson, Mark (2013) "Evaluating Topic Coherence Us...
Aletras, Nikolaos and Stevenson, Mark (2013) "Evaluating Topic Coherence Us...pathsproject
 
Canciones del colegio
Canciones del colegioCanciones del colegio
Canciones del colegioTrini Martínez Ballesteros
 
IND-2012-287 Anando -MILKY IDEA
IND-2012-287 Anando -MILKY IDEAIND-2012-287 Anando -MILKY IDEA
IND-2012-287 Anando -MILKY IDEAdesignforchangechallenge
 
Presentatie bibnet
Presentatie bibnetPresentatie bibnet
Presentatie bibnetBramStarckx
 
PATHSenrich: A Web Service Prototype for Automatic Cultural Heritage Item Enr...
PATHSenrich: A Web Service Prototype for Automatic Cultural Heritage Item Enr...PATHSenrich: A Web Service Prototype for Automatic Cultural Heritage Item Enr...
PATHSenrich: A Web Service Prototype for Automatic Cultural Heritage Item Enr...pathsproject
 
Boletim informativo novembro/dezembro 2015
Boletim informativo novembro/dezembro 2015Boletim informativo novembro/dezembro 2015
Boletim informativo novembro/dezembro 2015bibliotecasjuliomartins
 
User-Centred Design to Support Exploration and Path Creation in Cultural Her...
User-Centred Design to Support Exploration and Path Creation in Cultural Her... User-Centred Design to Support Exploration and Path Creation in Cultural Her...
User-Centred Design to Support Exploration and Path Creation in Cultural Her...pathsproject
 
PATHS at the eCult dialogue day 2013
PATHS at the eCult dialogue day 2013PATHS at the eCult dialogue day 2013
PATHS at the eCult dialogue day 2013pathsproject
 
PATHS Evaluation of the 1st paths prototype
PATHS Evaluation of the 1st paths prototypePATHS Evaluation of the 1st paths prototype
PATHS Evaluation of the 1st paths prototypepathsproject
 
PATHS Functional specification first prototype
PATHS Functional specification first prototypePATHS Functional specification first prototype
PATHS Functional specification first prototypepathsproject
 
Implementing Recommendations in the PATHS system, SUEDL 2013
Implementing Recommendations in the PATHS system, SUEDL 2013Implementing Recommendations in the PATHS system, SUEDL 2013
Implementing Recommendations in the PATHS system, SUEDL 2013pathsproject
 
De-list your organization from a blacklist | My E-mail appears as spam | Part...
De-list your organization from a blacklist | My E-mail appears as spam | Part...De-list your organization from a blacklist | My E-mail appears as spam | Part...
De-list your organization from a blacklist | My E-mail appears as spam | Part...Eyal Doron
 
PATHS system architecture
PATHS system architecturePATHS system architecture
PATHS system architecturepathsproject
 
IND-2012-243 DAV Public School, Kansbahal -Wonders of Herbs - A journey towar...
IND-2012-243 DAV Public School, Kansbahal -Wonders of Herbs - A journey towar...IND-2012-243 DAV Public School, Kansbahal -Wonders of Herbs - A journey towar...
IND-2012-243 DAV Public School, Kansbahal -Wonders of Herbs - A journey towar...designforchangechallenge
 
Comparing taxonomies for organising collections of documents presentation
Comparing taxonomies for organising collections of documents presentationComparing taxonomies for organising collections of documents presentation
Comparing taxonomies for organising collections of documents presentationpathsproject
 
Generating Paths through Cultural Heritage Collections, LATECH 2013 paper
Generating Paths through Cultural Heritage Collections, LATECH 2013 paperGenerating Paths through Cultural Heritage Collections, LATECH 2013 paper
Generating Paths through Cultural Heritage Collections, LATECH 2013 paperpathsproject
 
PATHS Second prototype-functional-spec
PATHS Second prototype-functional-specPATHS Second prototype-functional-spec
PATHS Second prototype-functional-specpathsproject
 
6 Key Stages to CIF Self-Certified Status_v1.3 DR1115
6 Key Stages to CIF Self-Certified Status_v1.3 DR11156 Key Stages to CIF Self-Certified Status_v1.3 DR1115
6 Key Stages to CIF Self-Certified Status_v1.3 DR1115Jason Wyatt
 
GuideIT Customer Success Criteria Guide
GuideIT Customer Success Criteria GuideGuideIT Customer Success Criteria Guide
GuideIT Customer Success Criteria GuideVision Concepts Infrastructure Services Solution
 
Lync Certificate Planning and Assignments
Lync Certificate Planning and Assignments Lync Certificate Planning and Assignments
Lync Certificate Planning and Assignments Thomas Poett
 
FLS_EA_Checklist_AppName_v5.pptx
FLS_EA_Checklist_AppName_v5.pptxFLS_EA_Checklist_AppName_v5.pptx
FLS_EA_Checklist_AppName_v5.pptxssuser7b9cdf
 
Cloudhub 2.0
Cloudhub 2.0Cloudhub 2.0
Cloudhub 2.0Christopher Co
 
Migrating from Big Data Architecture to Spring Cloud
Migrating from Big Data Architecture to Spring CloudMigrating from Big Data Architecture to Spring Cloud
Migrating from Big Data Architecture to Spring CloudVMware Tanzu
 
Trusted Cloud Initiative: Identity Management Research
Trusted Cloud Initiative: Identity Management ResearchTrusted Cloud Initiative: Identity Management Research
Trusted Cloud Initiative: Identity Management Researchguestba832ad
 

Mais conteúdo relacionado

Destaque

Presentatie bibnet
Presentatie bibnetPresentatie bibnet
Presentatie bibnetBramStarckx
 
PATHSenrich: A Web Service Prototype for Automatic Cultural Heritage Item Enr...
PATHSenrich: A Web Service Prototype for Automatic Cultural Heritage Item Enr...PATHSenrich: A Web Service Prototype for Automatic Cultural Heritage Item Enr...
PATHSenrich: A Web Service Prototype for Automatic Cultural Heritage Item Enr...pathsproject
 
Boletim informativo novembro/dezembro 2015
Boletim informativo novembro/dezembro 2015Boletim informativo novembro/dezembro 2015
Boletim informativo novembro/dezembro 2015bibliotecasjuliomartins
 
User-Centred Design to Support Exploration and Path Creation in Cultural Her...
User-Centred Design to Support Exploration and Path Creation in Cultural Her... User-Centred Design to Support Exploration and Path Creation in Cultural Her...
User-Centred Design to Support Exploration and Path Creation in Cultural Her...pathsproject
 
PATHS at the eCult dialogue day 2013
PATHS at the eCult dialogue day 2013PATHS at the eCult dialogue day 2013
PATHS at the eCult dialogue day 2013pathsproject
 
PATHS Evaluation of the 1st paths prototype
PATHS Evaluation of the 1st paths prototypePATHS Evaluation of the 1st paths prototype
PATHS Evaluation of the 1st paths prototypepathsproject
 
PATHS Functional specification first prototype
PATHS Functional specification first prototypePATHS Functional specification first prototype
PATHS Functional specification first prototypepathsproject
 
Implementing Recommendations in the PATHS system, SUEDL 2013
Implementing Recommendations in the PATHS system, SUEDL 2013Implementing Recommendations in the PATHS system, SUEDL 2013
Implementing Recommendations in the PATHS system, SUEDL 2013pathsproject
 
De-list your organization from a blacklist | My E-mail appears as spam | Part...
De-list your organization from a blacklist | My E-mail appears as spam | Part...De-list your organization from a blacklist | My E-mail appears as spam | Part...
De-list your organization from a blacklist | My E-mail appears as spam | Part...Eyal Doron
 
PATHS system architecture
PATHS system architecturePATHS system architecture
PATHS system architecturepathsproject
 
IND-2012-243 DAV Public School, Kansbahal -Wonders of Herbs - A journey towar...
IND-2012-243 DAV Public School, Kansbahal -Wonders of Herbs - A journey towar...IND-2012-243 DAV Public School, Kansbahal -Wonders of Herbs - A journey towar...
IND-2012-243 DAV Public School, Kansbahal -Wonders of Herbs - A journey towar...designforchangechallenge
 
Comparing taxonomies for organising collections of documents presentation
Comparing taxonomies for organising collections of documents presentationComparing taxonomies for organising collections of documents presentation
Comparing taxonomies for organising collections of documents presentationpathsproject
 
Generating Paths through Cultural Heritage Collections, LATECH 2013 paper
Generating Paths through Cultural Heritage Collections, LATECH 2013 paperGenerating Paths through Cultural Heritage Collections, LATECH 2013 paper
Generating Paths through Cultural Heritage Collections, LATECH 2013 paperpathsproject
 
PATHS Second prototype-functional-spec
PATHS Second prototype-functional-specPATHS Second prototype-functional-spec
PATHS Second prototype-functional-specpathsproject
 

Destaque (15)

IND-2012-287 Anando -MILKY IDEA
IND-2012-287 Anando -MILKY IDEAIND-2012-287 Anando -MILKY IDEA
IND-2012-287 Anando -MILKY IDEA
 
Presentatie bibnet
Presentatie bibnetPresentatie bibnet
Presentatie bibnet
 
PATHSenrich: A Web Service Prototype for Automatic Cultural Heritage Item Enr...
PATHSenrich: A Web Service Prototype for Automatic Cultural Heritage Item Enr...PATHSenrich: A Web Service Prototype for Automatic Cultural Heritage Item Enr...
PATHSenrich: A Web Service Prototype for Automatic Cultural Heritage Item Enr...
 
Boletim informativo novembro/dezembro 2015
Boletim informativo novembro/dezembro 2015Boletim informativo novembro/dezembro 2015
Boletim informativo novembro/dezembro 2015
 
User-Centred Design to Support Exploration and Path Creation in Cultural Her...
User-Centred Design to Support Exploration and Path Creation in Cultural Her... User-Centred Design to Support Exploration and Path Creation in Cultural Her...
User-Centred Design to Support Exploration and Path Creation in Cultural Her...
 
PATHS at the eCult dialogue day 2013
PATHS at the eCult dialogue day 2013PATHS at the eCult dialogue day 2013
PATHS at the eCult dialogue day 2013
 
PATHS Evaluation of the 1st paths prototype
PATHS Evaluation of the 1st paths prototypePATHS Evaluation of the 1st paths prototype
PATHS Evaluation of the 1st paths prototype
 
PATHS Functional specification first prototype
PATHS Functional specification first prototypePATHS Functional specification first prototype
PATHS Functional specification first prototype
 
Implementing Recommendations in the PATHS system, SUEDL 2013
Implementing Recommendations in the PATHS system, SUEDL 2013Implementing Recommendations in the PATHS system, SUEDL 2013
Implementing Recommendations in the PATHS system, SUEDL 2013
 
De-list your organization from a blacklist | My E-mail appears as spam | Part...
De-list your organization from a blacklist | My E-mail appears as spam | Part...De-list your organization from a blacklist | My E-mail appears as spam | Part...
De-list your organization from a blacklist | My E-mail appears as spam | Part...
 
PATHS system architecture
PATHS system architecturePATHS system architecture
PATHS system architecture
 
IND-2012-243 DAV Public School, Kansbahal -Wonders of Herbs - A journey towar...
IND-2012-243 DAV Public School, Kansbahal -Wonders of Herbs - A journey towar...IND-2012-243 DAV Public School, Kansbahal -Wonders of Herbs - A journey towar...
IND-2012-243 DAV Public School, Kansbahal -Wonders of Herbs - A journey towar...
 
Comparing taxonomies for organising collections of documents presentation
Comparing taxonomies for organising collections of documents presentationComparing taxonomies for organising collections of documents presentation
Comparing taxonomies for organising collections of documents presentation
 
Generating Paths through Cultural Heritage Collections, LATECH 2013 paper
Generating Paths through Cultural Heritage Collections, LATECH 2013 paperGenerating Paths through Cultural Heritage Collections, LATECH 2013 paper
Generating Paths through Cultural Heritage Collections, LATECH 2013 paper
 
PATHS Second prototype-functional-spec
PATHS Second prototype-functional-specPATHS Second prototype-functional-spec
PATHS Second prototype-functional-spec
 

Semelhante a Public san certificate deprecated support in the internal server name part 19#36

6 Key Stages to CIF Self-Certified Status_v1.3 DR1115
6 Key Stages to CIF Self-Certified Status_v1.3 DR11156 Key Stages to CIF Self-Certified Status_v1.3 DR1115
6 Key Stages to CIF Self-Certified Status_v1.3 DR1115Jason Wyatt
 
Lync Certificate Planning and Assignments
Lync Certificate Planning and Assignments Lync Certificate Planning and Assignments
Lync Certificate Planning and Assignments Thomas Poett
 
FLS_EA_Checklist_AppName_v5.pptx
FLS_EA_Checklist_AppName_v5.pptxFLS_EA_Checklist_AppName_v5.pptx
FLS_EA_Checklist_AppName_v5.pptxssuser7b9cdf
 
Migrating from Big Data Architecture to Spring Cloud
Migrating from Big Data Architecture to Spring CloudMigrating from Big Data Architecture to Spring Cloud
Migrating from Big Data Architecture to Spring CloudVMware Tanzu
 
Trusted Cloud Initiative: Identity Management Research
Trusted Cloud Initiative: Identity Management ResearchTrusted Cloud Initiative: Identity Management Research
Trusted Cloud Initiative: Identity Management Researchguestba832ad
 
IRJET- Proficient Business Solutions through Cloud Services
IRJET- Proficient Business Solutions through Cloud ServicesIRJET- Proficient Business Solutions through Cloud Services
IRJET- Proficient Business Solutions through Cloud ServicesIRJET Journal
 
Lattice: A Cloud-Native Platform for Your Spring Applications
Lattice: A Cloud-Native Platform for Your Spring ApplicationsLattice: A Cloud-Native Platform for Your Spring Applications
Lattice: A Cloud-Native Platform for Your Spring ApplicationsMatt Stine
 
Bringing to Market a Successful Cloud Service - Knowing When to Partner, When...
Bringing to Market a Successful Cloud Service - Knowing When to Partner, When...Bringing to Market a Successful Cloud Service - Knowing When to Partner, When...
Bringing to Market a Successful Cloud Service - Knowing When to Partner, When...LicensingLive! - SafeNet
 
Create B2B Exchanges with Cisco Connected Processes: an overview
Create B2B Exchanges with Cisco Connected Processes: an overviewCreate B2B Exchanges with Cisco Connected Processes: an overview
Create B2B Exchanges with Cisco Connected Processes: an overviewCisco DevNet
 
How to Realize the Benefits of Cloud Services Brokerage
How to Realize the Benefits of Cloud Services BrokerageHow to Realize the Benefits of Cloud Services Brokerage
How to Realize the Benefits of Cloud Services Brokeragejamcracker4677
 
TrailheaDX and Summer '19: Developer Highlights
TrailheaDX and Summer '19: Developer HighlightsTrailheaDX and Summer '19: Developer Highlights
TrailheaDX and Summer '19: Developer HighlightsSalesforce Developers
 
Cisco: Deploying a Virtualized Campus Network Infrastructure
Cisco: Deploying a Virtualized Campus Network InfrastructureCisco: Deploying a Virtualized Campus Network Infrastructure
Cisco: Deploying a Virtualized Campus Network Infrastructuredaxtindavon
 
Data Modernization for Spring-Based Microservices on Pivotal Platform
Data Modernization for Spring-Based Microservices on Pivotal PlatformData Modernization for Spring-Based Microservices on Pivotal Platform
Data Modernization for Spring-Based Microservices on Pivotal PlatformVMware Tanzu
 
2012.05.11 - Cloud Infrastructure Providers - RV des Experts - 9ème Forum du ...
2012.05.11 - Cloud Infrastructure Providers - RV des Experts - 9ème Forum du ...2012.05.11 - Cloud Infrastructure Providers - RV des Experts - 9ème Forum du ...
2012.05.11 - Cloud Infrastructure Providers - RV des Experts - 9ème Forum du ...Club Cloud des Partenaires
 
NH .Net Code Camp 2010 - Silverlight business applications
NH .Net Code Camp 2010 - Silverlight business applicationsNH .Net Code Camp 2010 - Silverlight business applications
NH .Net Code Camp 2010 - Silverlight business applicationsJohn Garland
 
Mds cloud saturday 2015 salesforce intro
Mds cloud saturday 2015 salesforce introMds cloud saturday 2015 salesforce intro
Mds cloud saturday 2015 salesforce introDavid Scruggs
 
cFactory v4 Launch Workshop for Partners
cFactory v4 Launch Workshop for PartnerscFactory v4 Launch Workshop for Partners
cFactory v4 Launch Workshop for PartnersHenk Uyttenhove
 

Semelhante a Public san certificate deprecated support in the internal server name part 19#36 (20)

6 Key Stages to CIF Self-Certified Status_v1.3 DR1115
6 Key Stages to CIF Self-Certified Status_v1.3 DR11156 Key Stages to CIF Self-Certified Status_v1.3 DR1115
6 Key Stages to CIF Self-Certified Status_v1.3 DR1115
 
GuideIT Customer Success Criteria Guide
GuideIT Customer Success Criteria GuideGuideIT Customer Success Criteria Guide
GuideIT Customer Success Criteria Guide
 
Lync Certificate Planning and Assignments
Lync Certificate Planning and Assignments Lync Certificate Planning and Assignments
Lync Certificate Planning and Assignments
 
FLS_EA_Checklist_AppName_v5.pptx
FLS_EA_Checklist_AppName_v5.pptxFLS_EA_Checklist_AppName_v5.pptx
FLS_EA_Checklist_AppName_v5.pptx
 
Cloudhub 2.0
Cloudhub 2.0Cloudhub 2.0
Cloudhub 2.0
 
Migrating from Big Data Architecture to Spring Cloud
Migrating from Big Data Architecture to Spring CloudMigrating from Big Data Architecture to Spring Cloud
Migrating from Big Data Architecture to Spring Cloud
 
Trusted Cloud Initiative: Identity Management Research
Trusted Cloud Initiative: Identity Management ResearchTrusted Cloud Initiative: Identity Management Research
Trusted Cloud Initiative: Identity Management Research
 
IRJET- Proficient Business Solutions through Cloud Services
IRJET- Proficient Business Solutions through Cloud ServicesIRJET- Proficient Business Solutions through Cloud Services
IRJET- Proficient Business Solutions through Cloud Services
 
Lattice: A Cloud-Native Platform for Your Spring Applications
Lattice: A Cloud-Native Platform for Your Spring ApplicationsLattice: A Cloud-Native Platform for Your Spring Applications
Lattice: A Cloud-Native Platform for Your Spring Applications
 
Soap toolkits
Soap toolkitsSoap toolkits
Soap toolkits
 
Bringing to Market a Successful Cloud Service - Knowing When to Partner, When...
Bringing to Market a Successful Cloud Service - Knowing When to Partner, When...Bringing to Market a Successful Cloud Service - Knowing When to Partner, When...
Bringing to Market a Successful Cloud Service - Knowing When to Partner, When...
 
Create B2B Exchanges with Cisco Connected Processes: an overview
Create B2B Exchanges with Cisco Connected Processes: an overviewCreate B2B Exchanges with Cisco Connected Processes: an overview
Create B2B Exchanges with Cisco Connected Processes: an overview
 
How to Realize the Benefits of Cloud Services Brokerage
How to Realize the Benefits of Cloud Services BrokerageHow to Realize the Benefits of Cloud Services Brokerage
How to Realize the Benefits of Cloud Services Brokerage
 
TrailheaDX and Summer '19: Developer Highlights
TrailheaDX and Summer '19: Developer HighlightsTrailheaDX and Summer '19: Developer Highlights
TrailheaDX and Summer '19: Developer Highlights
 
Cisco: Deploying a Virtualized Campus Network Infrastructure
Cisco: Deploying a Virtualized Campus Network InfrastructureCisco: Deploying a Virtualized Campus Network Infrastructure
Cisco: Deploying a Virtualized Campus Network Infrastructure
 
Data Modernization for Spring-Based Microservices on Pivotal Platform
Data Modernization for Spring-Based Microservices on Pivotal PlatformData Modernization for Spring-Based Microservices on Pivotal Platform
Data Modernization for Spring-Based Microservices on Pivotal Platform
 
2012.05.11 - Cloud Infrastructure Providers - RV des Experts - 9ème Forum du ...
2012.05.11 - Cloud Infrastructure Providers - RV des Experts - 9ème Forum du ...2012.05.11 - Cloud Infrastructure Providers - RV des Experts - 9ème Forum du ...
2012.05.11 - Cloud Infrastructure Providers - RV des Experts - 9ème Forum du ...
 
NH .Net Code Camp 2010 - Silverlight business applications
NH .Net Code Camp 2010 - Silverlight business applicationsNH .Net Code Camp 2010 - Silverlight business applications
NH .Net Code Camp 2010 - Silverlight business applications
 
Mds cloud saturday 2015 salesforce intro
Mds cloud saturday 2015 salesforce introMds cloud saturday 2015 salesforce intro
Mds cloud saturday 2015 salesforce intro
 
cFactory v4 Launch Workshop for Partners
cFactory v4 Launch Workshop for PartnerscFactory v4 Launch Workshop for Partners
cFactory v4 Launch Workshop for Partners
 

Mais de Eyal Doron

How to simulate spoof e mail attack and bypass spf sender verification - 2#2
How to simulate spoof e mail attack and bypass spf sender verification - 2#2How to simulate spoof e mail attack and bypass spf sender verification - 2#2
How to simulate spoof e mail attack and bypass spf sender verification - 2#2Eyal Doron
 
How does sender verification work how we identify spoof mail) spf, dkim dmar...
How does sender verification work how we identify spoof mail) spf, dkim dmar...How does sender verification work how we identify spoof mail) spf, dkim dmar...
How does sender verification work how we identify spoof mail) spf, dkim dmar...Eyal Doron
 
Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...
Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...
Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...Eyal Doron
 
Why our mail system is exposed to spoof and phishing mail attacks part 5#9 |...
Why our mail system is exposed to spoof and phishing mail attacks part 5#9 |...Why our mail system is exposed to spoof and phishing mail attacks part 5#9 |...
Why our mail system is exposed to spoof and phishing mail attacks part 5#9 |...Eyal Doron
 
What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...
What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...
What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...Eyal Doron
 
What is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.com
What is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.comWhat is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.com
What is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.comEyal Doron
 
What are the possible damages of phishing and spoofing mail attacks part 2#...
What are the possible damages of phishing and spoofing mail attacks part 2#...What are the possible damages of phishing and spoofing mail attacks part 2#...
What are the possible damages of phishing and spoofing mail attacks part 2#...Eyal Doron
 
Dealing with a spoof mail attacks and phishing mail attacks a little story ...
Dealing with a spoof mail attacks and phishing mail attacks a little story ...Dealing with a spoof mail attacks and phishing mail attacks a little story ...
Dealing with a spoof mail attacks and phishing mail attacks a little story ...Eyal Doron
 
Exchange In-Place eDiscovery & Hold | Introduction | 5#7
Exchange In-Place eDiscovery & Hold | Introduction | 5#7Exchange In-Place eDiscovery & Hold | Introduction | 5#7
Exchange In-Place eDiscovery & Hold | Introduction | 5#7Eyal Doron
 
Mail migration to office 365 measure and estimate mail migration throughput...
Mail migration to office 365 measure and estimate mail migration throughput...Mail migration to office 365 measure and estimate mail migration throughput...
Mail migration to office 365 measure and estimate mail migration throughput...Eyal Doron
 
Mail migration to office 365 factors that impact mail migration performance...
Mail migration to office 365 factors that impact mail migration performance...Mail migration to office 365 factors that impact mail migration performance...
Mail migration to office 365 factors that impact mail migration performance...Eyal Doron
 
Mail migration to office 365 mail migration methods - part 1#4
Mail migration to office 365 mail migration methods - part 1#4Mail migration to office 365 mail migration methods - part 1#4
Mail migration to office 365 mail migration methods - part 1#4Eyal Doron
 
Smtp relay in office 365 environment troubleshooting scenarios - part 4#4
Smtp relay in office 365 environment troubleshooting scenarios - part 4#4Smtp relay in office 365 environment troubleshooting scenarios - part 4#4
Smtp relay in office 365 environment troubleshooting scenarios - part 4#4Eyal Doron
 
Stage migration, exchange and autodiscover infrastructure part 1#2 part 35#36
Stage migration, exchange and autodiscover infrastructure part 1#2 part 35#36Stage migration, exchange and autodiscover infrastructure part 1#2 part 35#36
Stage migration, exchange and autodiscover infrastructure part 1#2 part 35#36Eyal Doron
 
Autodiscover flow in an office 365 environment part 3#3 part 31#36
Autodiscover flow in an office 365 environment part 3#3 part 31#36Autodiscover flow in an office 365 environment part 3#3 part 31#36
Autodiscover flow in an office 365 environment part 3#3 part 31#36Eyal Doron
 
Autodiscover flow in an exchange hybrid environment part 1#3 part 32#36
Autodiscover flow in an exchange hybrid environment part 1#3 part 32#36Autodiscover flow in an exchange hybrid environment part 1#3 part 32#36
Autodiscover flow in an exchange hybrid environment part 1#3 part 32#36Eyal Doron
 
Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...Eyal Doron
 
Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...Eyal Doron
 
Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...Eyal Doron
 
Outlook test e mail auto configuration autodiscover troubleshooting tools p...
Outlook test e mail auto configuration autodiscover troubleshooting tools p...Outlook test e mail auto configuration autodiscover troubleshooting tools p...
Outlook test e mail auto configuration autodiscover troubleshooting tools p...Eyal Doron
 

Mais de Eyal Doron (20)

How to simulate spoof e mail attack and bypass spf sender verification - 2#2
How to simulate spoof e mail attack and bypass spf sender verification - 2#2How to simulate spoof e mail attack and bypass spf sender verification - 2#2
How to simulate spoof e mail attack and bypass spf sender verification - 2#2
 
How does sender verification work how we identify spoof mail) spf, dkim dmar...
How does sender verification work how we identify spoof mail) spf, dkim dmar...How does sender verification work how we identify spoof mail) spf, dkim dmar...
How does sender verification work how we identify spoof mail) spf, dkim dmar...
 
Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...
Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...
Dealing with the threat of spoof and phishing mail attacks part 6#9 | Eyal ...
 
Why our mail system is exposed to spoof and phishing mail attacks part 5#9 |...
Why our mail system is exposed to spoof and phishing mail attacks part 5#9 |...Why our mail system is exposed to spoof and phishing mail attacks part 5#9 |...
Why our mail system is exposed to spoof and phishing mail attacks part 5#9 |...
 
What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...
What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...
What is the meaning of mail phishing attack in simple words part 4#9 | Eyal...
 
What is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.com
What is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.comWhat is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.com
What is so special about spoof mail attack part 3#9 | Eyal Doron | o365info.com
 
What are the possible damages of phishing and spoofing mail attacks part 2#...
What are the possible damages of phishing and spoofing mail attacks part 2#...What are the possible damages of phishing and spoofing mail attacks part 2#...
What are the possible damages of phishing and spoofing mail attacks part 2#...
 
Dealing with a spoof mail attacks and phishing mail attacks a little story ...
Dealing with a spoof mail attacks and phishing mail attacks a little story ...Dealing with a spoof mail attacks and phishing mail attacks a little story ...
Dealing with a spoof mail attacks and phishing mail attacks a little story ...
 
Exchange In-Place eDiscovery & Hold | Introduction | 5#7
Exchange In-Place eDiscovery & Hold | Introduction | 5#7Exchange In-Place eDiscovery & Hold | Introduction | 5#7
Exchange In-Place eDiscovery & Hold | Introduction | 5#7
 
Mail migration to office 365 measure and estimate mail migration throughput...
Mail migration to office 365 measure and estimate mail migration throughput...Mail migration to office 365 measure and estimate mail migration throughput...
Mail migration to office 365 measure and estimate mail migration throughput...
 
Mail migration to office 365 factors that impact mail migration performance...
Mail migration to office 365 factors that impact mail migration performance...Mail migration to office 365 factors that impact mail migration performance...
Mail migration to office 365 factors that impact mail migration performance...
 
Mail migration to office 365 mail migration methods - part 1#4
Mail migration to office 365 mail migration methods - part 1#4Mail migration to office 365 mail migration methods - part 1#4
Mail migration to office 365 mail migration methods - part 1#4
 
Smtp relay in office 365 environment troubleshooting scenarios - part 4#4
Smtp relay in office 365 environment troubleshooting scenarios - part 4#4Smtp relay in office 365 environment troubleshooting scenarios - part 4#4
Smtp relay in office 365 environment troubleshooting scenarios - part 4#4
 
Stage migration, exchange and autodiscover infrastructure part 1#2 part 35#36
Stage migration, exchange and autodiscover infrastructure part 1#2 part 35#36Stage migration, exchange and autodiscover infrastructure part 1#2 part 35#36
Stage migration, exchange and autodiscover infrastructure part 1#2 part 35#36
 
Autodiscover flow in an office 365 environment part 3#3 part 31#36
Autodiscover flow in an office 365 environment part 3#3 part 31#36Autodiscover flow in an office 365 environment part 3#3 part 31#36
Autodiscover flow in an office 365 environment part 3#3 part 31#36
 
Autodiscover flow in an exchange hybrid environment part 1#3 part 32#36
Autodiscover flow in an exchange hybrid environment part 1#3 part 32#36Autodiscover flow in an exchange hybrid environment part 1#3 part 32#36
Autodiscover flow in an exchange hybrid environment part 1#3 part 32#36
 
Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...
 
Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...
 
Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...Autodiscover flow in an exchange on premises environment non-active director...
Autodiscover flow in an exchange on premises environment non-active director...
 
Outlook test e mail auto configuration autodiscover troubleshooting tools p...
Outlook test e mail auto configuration autodiscover troubleshooting tools p...Outlook test e mail auto configuration autodiscover troubleshooting tools p...
Outlook test e mail auto configuration autodiscover troubleshooting tools p...
 

Último

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 

Último (20)

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

Public san certificate deprecated support in the internal server name part 19#36

  • 1. Page 1 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 Public SAN certificate | Deprecated support in the internal server name | Part 19#36 In the current article, we will review the subject of – “Invalid Fully Qualified Domain Names” in SAN certificate. The interesting thing is that at the current time (2014), there is not too much public information about this subject, but although this subject seems to be minor and not “cool”, the Implications of this new standard could be quite dramatic and serious. Allowing myself to be a little dramatic, I relate to the new public certificate standard as the- “The revolution of 1 November 2015”.
  • 2. Page 2 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 As of the date of – 1 November 2015, there will be no option to enroll in a new public certificate or renew existing public certificate that includes Non-unique names. In other words – you will not be able to publish internal or external host who provides a specific service by using a certificate that includes Non-unique names. And as usual, in this stage, there are many relevant questions that could appear: Q1. What is the meaning of Invalid Fully Qualified Domain Names? Q2. What is the meaning of Non-unique names? Q3. What are the relations or the connection to SAN certificate? Q4. To what organization services, and infrastructures does this issue relate? Q5. How to prepare myself for this change? I will try to answer some of this question in details in the following section, but, regarding question number 4 – “To what organization services and infrastructures does this issue relate”, is important to emphasize that this subject is huge, and the answer can relate to Dozens or even hundreds of different services but in the current article I relate mainly to the Microsoft Exchange server infrastructure.
  • 3. Page 3 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 Regarding question number 5 – the “how part” answer appears in more details in the former article – Exchange infrastructure | Implementing single domain namespace scheme | Part 2#2 | Part 18#36 Note – despite the “declaration” about the relevance of the Exchange infrastructure, most of the information is relevant for any other infrastructure and even for non- Microsoft operating systems. WHY SHOULD I CARE ABOUT THE SUBJECT OF – PUBLIC SAN CERTIFICATE | DEPRECATED SUPPORT IN – INTERNAL SERVER NAME? (NON-UNIQUE NAMES)? As mentioned, the subject at the end of support for the Internal server name in the Public SAN certificate, doesn’t make too much noise, but it is a very important subject that relates to the most basic organizing services and infrastructure begging with the websites, Exchange infrastructure and much more. Q: In the case that I would prefer to ignore this subject, what could be the consequence? A: I’m not a prophet, but I can predict that the consequence could be begging from annoying, up to be catastrophic.
  • 4. Page 4 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 As an IT administrator or, as an Exchange server infrastructure advisor, you owe yourself and your users to be familiar with the “new public certificate standard”, understand the meaning of this standard, plan for the required changes and implemented the changesupdates before the last day.
  • 5. Page 5 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 So what is all about? The rustling and rattling is about the fact that in case that organization infrastructure such as Exchange CAS server use an SAN certificate that includes a single host name or an FQDN with a private domain name, you will not be able to renew this certificate as of the date 1 November 2015.
  • 6. Page 6 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 Another way to show the reluctance of the CA/Browser Forum – Public SAN certificate that includes Internal Server name? (Non-unique names) appears in the following picture.
  • 7. Page 7 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 Note – I must admit that I have I got carried away but, I could not resist the temptation of adding this wonderful cat picture! Q1: Who is the persona that makes my life so hard? A1: CA/Browser Forum Q2: Who isareit the CA/Browser Forum? A2: The definition that appears in Wikipedia is: The Certification Authority Browser Forum, also known as the CA / Browser Forum, is a voluntary consortium of certification authorities, vendors of Internet browser software, operating systems, and other PKI-enabled applications that promulgates industry guidelines governing the issuance and management of X.509 v. 3 digital certificates that chain to a trust anchor embedded in such applications.
  • 8. Page 8 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 Its guidelines cover certificates used for the SSL/TLS protocol and code signing, as well as system and network security of certificate authorities. As of July 2013, the CA/Browser Forum includes over 30 Certificate Authority members and the following five Internet Browser Software Vendors: Microsoft (Internet Explorer), Apple (Safari), Mozilla (Firefox), Google (Chrome), and Opera. [Source of information CA/Browser Forum] The point – we should need to this “Forum” very seriousness! For more information, you can visit the CA/Browser Forum website (cabforum) Q: What is the reason to stop using the internal name in my public certificate? A: The reason that is given for the change is that the internal server names are not unique and therefore easy to falsify. With common names like server01 or webmail, the end user is never sure if it is actually dealing with the right party or with a malicious. The changing legislation for SSL Certificates shall start on 1 November 2015. This means, from that date, the invalid Fully-Qualified Domain Names (hereafter called FQDN) will no longer be accepted at the standard of the CA/Browser Forum and after that date such certificates may no longer be issued. All certificates issued after 1 November 2015 and meet this qualification will be revoked upon discovery. [Source of information – Global changes in legislation regarding SAN SSL Certificates]
  • 9. Page 9 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 In November 2011, the CA/Browser Forum (CA/B) adopted Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates that took effect on July 1, 2012. These requirements state: As of the Effective Date of these Requirements, prior to the issuance of a Certificate with a Subject Alternative Name (SAN) extension or Subject Common Name field containing a Reserved IP Address or Internal Server Name, the CA shall notify the Applicant that the use of such Certificates has been deprecated by the CA / Browser Forum and that the practice will be eliminated by October 2016. Also as of the Effective Date, the CA shall not issue a certificate with an Expiry Date later than 1 November 2015 with a SAN or Subject Common Name field containing a Reserved IP Address or Internal Server Name. As from 1 October 2016, CAs shall revoke all unexpired Certificates.” “Because of these new requirements, Certificate Authorities (CAs) must immediately begin to phase out the issuance of SSL Certificates for internal server names or reserved IP addresses and eliminate (revoke) any certificates containing internal names by October 2016. In addition, the baseline requirements prevent CAs from issuing internal name certificates that expire after November 1, 2015. After 2015 it will be impossible to obtain a publicly-trusted certificate for any host name that cannot be externally verified. [Source of information – SSL Certificates for Internal Server Names] What is an SAN public certificate? The simple explanation for the term “SAN certificate” is – a public certificate that includes a list of one or more hosts names, which are “entitled” to use the specific certificate.
  • 10. Page 10 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 For example, an SAN certificate that includes the host name – mail.o365info.com When we need to implement secure communication channel using protocols such as HTTPS, the “server side” proves his identity to the client by presenting an “approved” certificate. For example – when a client address host named mail.o365info.com, the server will reply by proving the client a certificate, which include the host name in the “Subject Alternative Name” filed. In case that the host name doesn’t appear upon the certificate, the certificate considered as not valid.
  • 11. Page 11 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 The formal definition of an SAN certificate as it appears in Wikipedia is: SubjectAltName (SAN) is an extension to X.509 that allows various values to be associated with a security certificate. These values are called “Subject Alternative Names”, or SANs. Names include:  E-mail addresses  IP addresses  URIs  DNS names (Otherwise often given as a Common Name RDN within the Subject)
  • 12. Page 12 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015  directory names (alternative Distinguished Names to that given in the Subject)  other names, given as a General Name – an registered object identifier followed by a value.  SubjectAltName [Source of information: SubjectAltName] WHY DOES THE USE OF THE INTERNAL SERVER NAME (NON-UNIQUE NAMES) COULD BE TRANSLATED INTO A SECURITY RISK Using an Internal Server name? (Non-unique names) is a public SAN certificate can lead to a scenario of the security vulnerability or exploit. Regarding the subject of security vulnerability, I choose to make my life easier and provide the answer for this question by using a very clear and informative PDF that was published by the CA/Browser Forum named –Guidance on the Deprecation of Internal Server Certification Authorities enable the establishment of trust on the Internet by issuing certificates that bind cryptographic public key material to verify identities” “The key distinction between the two types of names and addresses is uniqueness. A fully qualified domain name like “www.cabforum.org” represents a unique and Distinct identity on the Internet (even if multiple servers respond to that name, the control of that name belongs to a single entity). In contrast, at any given time, there may be thousands of systems on public and private networks that could respond to the unqualified name “www”. Only one logical host on the Internet has the IP address “97.74.42.11”, while there are tens of thousands of home Internet gateways that have the address “192.168.0.1”
  • 13. Page 13 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 “The purpose of certificates issued by publicly trusted Certification Authorities is to provide trust in names across the scope of the entire Internet. Non-unique names, by their very nature, cannot be attested to outside their local context, and such certificates can be dangerously misused, so, as of the effective date of the BR 1.0, issuance of certificates for non-unique names and addresses, such as “www”, “www.local”, or “192.168.0.1” is deprecated. What are Non-unique Names? Well, this is the tricky part because we need to explain an Intangible concept and additionally, there are many parallel words, which described the similar or the same concept. The main subject of this article, relate to the new standard of public SAN certificate that states that – in the very near future (1 November 2015) a there is not support for Non-Unique Names or Invalid Fully Qualified Domain Names.
  • 14. Page 14 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 In the following diagram, we can see a list of – ”Non-unique Names”, that will be considered as “not allowed” or not supported in an SAN public certificate beginning with 1 November 2015
  • 15. Page 15 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 Let’s admits, the term – ”Non-unique Names” is a little vague. The reason for this ambiguity is because the term – ”Non-unique Names”, can be translated or converted into a couple of parallel terms. To clarify this term, let’s use a basic classification for two name space categories: Single name address space verse FQDN (Fully qualified Doman Name) address space. 1. Single name address space The “Single names address space” and all of the above terms, describe a naming convention that is based on a single name. This is that exact naming convention that we use for our personal name. Each of us, have a personal name, but we cannot relate to this name as a “unique identifier” because, there is a very a reasonable chance, that other people use this name. In the network environment, we can refer to a host by using a single name address space. This method of relating to a specific host by using a Single name address space described also by using the following terms:
  • 16. Page 16 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015  Internal Server Name  Single Host name  Local names  Short Name  NetBIOS Name  Link-Local Multicast Name 2. FQDN (Fully Qualified Doman Name) address space The term FQDN (fully qualified domain name) defines, as the name implies, a “Full name” that is built from a host name + Domain name suffix. Each of these “parts” in a FQDN name is not unique, but the combination of host name and the domain name create a “unique name” or a Fully Qualified Doman Name. The term – ”FQDN” can also be dived to two main categories: 1. Public FQDN A public FQDN is a host name who has a public domain name suffix. There could be a couple of formal definitions for the term- “public domain name” but if we want to make it simple, the meaning is a domain that was purchased from a public ISPProviders who sell public domain names. The public domain name should be registered, so after we have purchased the public domain name, nobody else can buy this domain name. 2. Private FQDN The term – “private FQDN”, describe a FQDN name who uses a domain suffix that considers as private or, not public domain names suffix. The advantage of a private domain name suffix is that is free and everybody is “allowed” to use it. The only issue is that the private domain name, can only be used in an internal network. In other words, we cannot publish a host in the public network by using a FQDN that includes a private domain name.
  • 17. Page 17 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 When relating to Active Directory domain name, the common practice was to “segregate” the internal organization’s network from the public network, by using a private domain name for the Active Directory. The “theory” was that – we should separate and segregate internal host from the public network by providing them a private name who cannot be published on the public network and by doing so, protecting this host from malicious elements. Public SAN certificate | Deprecated support in – Internal Server name? (Non-unique names) In this section, I would like to review the subject of the CA/Browser Forum announcement about- baseline requirements for the Issuance and management of publicly trusted Certificates and Deprecated support in: Internal Server name? (Non-unique names) that will start in 1 November 2015. Let’s start with the explanation of the term- Internal Server name (Non-unique names). The “translation” of this term could be:  Single name  FQDN name with a private domain name
  • 18. Page 18 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 1. Single name One translation of the term- “Internal Server name”? (Non-unique names) is – host name who uses a “single name space” as the host name. An example for such as host name is the server named- mail In the diagram, we can see additional synonym for the term “Single host name” such as- Local names, Short Name etc. This type of a host name, will be no longer supported when using an SAN public certificate as of the date 1 November 2015.
  • 19. Page 19 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 2. FQDN name with a private domain name. The second “translation” of the term “Internal Server name”? (Non-unique names) is – FQDN name who uses a private domain name suffix. The new standard of the public SAN certificate will not support host name who uses a domain name suffix that is not a public domain name suffix. Additional synonyms for this type of host FQDN are:  Invalid Fully Qualified Domain Name  Unregistered Domain Name  Private Domain Name
  • 20. Page 20 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015 Additional reading Information about the new standard – cabforum  Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, v.1.0  Guidance on the Deprecation of Internal Server General Information about the new standard  CA:Problematic Practices  Invalid Fully Qualified Domain Names no longer accepted in Subject Alternative Names (SANS) in SSL certficates  Modify .local in Exchange 2010  Global changes in legislation regarding SAN SSL Certificates
  • 21. Page 21 of 21 |Public SAN certificate | Deprecated support in the internal server name | Part 19#36 Written by Eyal Doron | o365info.com | Copyright © 2012-2015  No internal server names on SAN certificates after 2015 – where are the procedures? Information from public CA companies  SSL Certificates for Internal Server Names  Unqualified Names in the SSL Observatory  Fully-qualified Nonsense in the SSL Observatory  Root Zone Database