"憑證的一般名稱或主體別名包含內部名稱。"
業界標準禁止憑證授權單位發行內部名稱的憑證 (請參閱用於內部伺服器名稱的 SSL 憑證)。內部名稱是私人網路的一部份的一個 IP 位址或網域 (請參閱 RFC 2606)。由於無法在外部確認,因此無法完成內部名稱的驗證。
此外,非唯一的內部名稱會有太多惡意錯用的可能性。例如,CA 可以發行公用受信任的憑證給公司用於 https://mail/。由於此名稱不是唯一名稱,因此任何別人都可以取得用於 https://mail/ 的憑證。
如果您是使用內部名稱的伺服器系統管理員,您需要重新設定伺服器以使用公用名稱,或切換到內部憑證授權單位發行的憑證。所有需要公開信任憑證的內部連線,都必須透過公開和可確認的名稱完成 (如果那些服務是公開可使用的則不用)。
視您的環境中的應用而定,您可能可以將應用程式重新設定為不需要內部名稱。
DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.
©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.