SSL Certificates for Internal Servers

Encrypt Internal Servers with DigiCert SSL

SSL certificates can be used in many areas, including internal server encryption.

On the back-end, database servers, CRM servers, application servers, backup servers, mail servers are some of the commonly used internal servers. Whether you have one or more servers, DigiCert SSL has a solution to encrypt all of them.

See below on a full range of products that is compatible with internal servers:

 SSL Plus Certificates

SSL Certificate that secures a single-name, with and without the ‘www’ suffix

Learn more about SSL Plus

 EV Certificates

Extended Validation (EV) Certificates secure a single domain name and comes with an added feature of displaying the organization’s name on the address bar.

Learn more about EV Certificates

 Multi-Domain (SAN) Certificates

Unified Communications (UC) Certificates i.e multi-domain certificates can secure up to 25 different domains as Subject Alternative Names (SANS). The base price includes 4 domains with the others to be purchased separately.

Learn more about Multi-Domain (SAN) Certificates

ev multi domain EV Multi-Domain Certificates

EV Multi-Domain Certificates are for those who wish to secure multiple domains with the green bar of assurance. Similar to UC Certificate, but better.

Learn more about EV Multi-Domain Certificates

 Wildcard SSL Certificates

Wildcard SSL Certificate uses Subject Alternative Names (SANs) to secure a domain and multiple subdomains.  

Learn more about Wildcard Certificates


All publicly trusted SSL Certificates issued to internal names and reserved IP addresses will expire before November 1, 2015. Certificate Authorities (CAs) will have to revoke any certificates containing internal names by October 2016.

What is an Internal Name?

An internal name is a domain or IP address that is part of a private network. Common examples of internal names are:

  • Any server names with a non-public domain name suffix. For example, or
  • NetBIOS names or short hostnames, anything without a public domain. For example, Web1, ExchCAS1, or Frodo.
  • Any IPv4 address in the RFC 1918 range.
  • Any IPv6 address in the RFC 4193 range.

What does this mean for you?

If you are a server admin using internal names, you need to either reconfigure those servers to use a public name or switch to a certificate issued by an internal CA before the 2015 cutoff date. All internal connections that require a publicly-trusted certificate must be done through names that are public and verifiable (it does not matter if those services are publicly accessible).

Please note that in June 2011, ICANN approved the New Generic Top-Level Domain Program (gTLD) which allows organizations, individuals, and governments to apply for top-level namespaces. This will affect many SSL Certificates for internal names before the internal name cutoff date.