"The certificate's Common Name or Subject Alternative Names contains an internal name."
Industry standards prohibit Certificate Authorities (CAs) from issuing certificates to internal names (see SSL Certificates for Internal Server Names). An internal name is an IP address or domain that is part of a private network (see RFC 2606). Validation can't be completed for internal names because they can't be externally verified.
Additionally, non-unique internal names carry too much potential for malicious misuse. For example, a CA can issue a publicly-trusted certificate to a company for https://mail/. Because this name is not a unique name, anyone else can get a certificate for https://mail/.
If you are a server admin using internal names, you need to either reconfigure those servers to use a public name, or switch to a certificate issued by an internal Certificate Authority. All internal connections that require a publicly-trusted certificate must be done through names that are public and verifiable (it doesn't matter if those services are publicly accessible).
Depending on the applications in your environment, you may be able to reconfigure the application to not require internal names.
DigiCert is the world’s premier provider of high—assurance digital certificates—providing trusted SSL, private and managed PKI deployments, and device certificates for the emerging IoT market. Since our founding almost fifteen years ago, we’ve been driven by the idea of finding a better way. A better way to provide authentication on the internet. A better way to tailor solutions to our customer’s needs. Now, we’ve added Symantec’s experience and talent to our legacy of innovation to find a better way to lead the industry forward, and build greater trust in identity and digital interactions.
©2019 DigiCert, Inc. All rights reserved. DigiCert and its logo are registered trademarks of DigiCert, Inc. Symantec and Norton and their logos are trademarks used under license from Symantec Corporation. Other names may be trademarks of their respective owners.