What is Intranet Server Certificate Certification Authority (ISCCA) CA SHA-256?

Posted on 2014-08-03
Medium Priority
Last Modified: 2014-09-16
What is Intranet Server Certificate Certification Authority (ISCCA) CA SHA-256?
Question by:litmic
LVL 65

Accepted Solution

btan earned 915 total points
ID: 40239241
If you use SSL certificates on intranet sites with internal server names, they may not work from 11 November 2015. Ref: https://cabforum.org/internal-names/

For internal names not covered by the above-referenced ICANN gTLD process, on November 11, 2015, the issuance of certificates with a reserved IP address or internal server name is prohibited.  On October 1, 2016, all publicly trusted SSL/TLS certificates with an internal name or reserved IP address will be revoked and/or blocked by browser software.

Imagine you have a server on your network. It may have an IP address that is resolvable on the internet, but it’s more likely to have an address that is only valid on the local network, such as It is also likely to have a domain name that is only resolvable on the local network, such as https://intranet.local or https://mail.

The Certification Authority/Browser Forum (CA/B Forum) has decided to cease issuing certificates without a Fully Qualified Domain Name (FQDN).

And the so-called "ISCCA SHA-256" is saying a minimum of SHA-256 for a CA certificate to be issued. The CA SHALL meet the technical requirements set forth in Appendix A - Cryptographic Algorithm and Key Requirements - ref v1.1.8 baseline from CA Forum - https://cabforum.org/wp-content/uploads/Baseline_Requirements_V1_1_8.pdf

e.g. Digest algorithm for Root CA Certificates, Subordinate CA Certificates, Subscriber Certificates

* SHA-1 MAY be used with RSA keys until SHA-256 is supported widely by browsers used by a substantial portion of relying-parties worldwide.

** A Root CA Certificate issued prior to 31 Dec. 2010 with an RSA key size less than 2048 bits MAY still serve as a trust anchor for Subscriber Certificates issued in accordance with these Requirements.
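
An added example (not part of the original answer and not CA/B Forum tooling): a Python check that flags certificate names covered by the internal-name and reserved-IP rule quoted above, using names like the answer's `intranet.local` and `mail`. The suffix list, function names and sample inventory are assumptions constructed for illustration.

```python
from __future__ import annotations

import ipaddress

# Assumption: suffixes commonly used for internal-only names. A production audit
# would compare the last label against the IANA root zone list instead.
INTERNAL_SUFFIXES = {"local", "localhost", "internal", "lan", "corp", "home", "intranet"}


def classify_name(name: str) -> str:
    """Return 'reserved-ip', 'public-ip', 'internal-name' or 'fqdn' for one CN/SAN value."""
    value = name.strip().rstrip(".").lower()
    if value.startswith("*."):  # wildcard: judge the base domain
        value = value[2:]
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        addr = None
    if addr is not None:
        # is_global is False for private, loopback, link-local and other reserved ranges
        return "public-ip" if addr.is_global else "reserved-ip"
    labels = value.split(".")
    # Single-label names and names under a non-public suffix are not FQDNs
    if len(labels) < 2 or labels[-1] in INTERNAL_SUFFIXES:
        return "internal-name"
    return "fqdn"


def audit(inventory: dict[str, list[str]]) -> dict[str, list[str]]:
    """Map each certificate to its names that fall under the internal-name rule."""
    findings = {}
    for cert, names in inventory.items():
        bad = [n for n in names if classify_name(n) in ("reserved-ip", "internal-name")]
        if bad:
            findings[cert] = bad
    return findings


# Constructed sample inventory (certificate label -> subject/SAN names).
SAMPLE = {
    "intranet-portal": ["intranet.local", "192.168.10.5"],
    "mail-gateway": ["mail", "mail.example.com"],
    "public-site": ["www.example.com", "*.example.com"],
}

if __name__ == "__main__":
    for cert, names in audit(SAMPLE).items():
        print(f"{cert}: internal name or reserved IP -> {', '.join(names)}")
```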

Expert Comment

ID: 40325952
I have a 2012 R2 server running the Certificate Authority snap-in.
I want to do a filter on a specific Certificate Template which I know exists in the 'Issued Certificates' folder.
All the documentation I can find seems to suggest I copy the certificate name and use this in the View Filter.
1). I add the 'Certificate Template' option into the Field drop-down.
2). I leave the Operation as the '=' symbol.
3). I paste in just the name of the template in question, for example: 'my computers'.

The search results always come back blank, 'There are no items to show in this view.', even when I know there are many instances of this template.

Anybody know what I'm doing wrong?
I seem to be getting nowhere with this one.
