What is Intranet Server Certificate Certification Authority (ISCCA) CA SHA-256?

Posted on 2014-08-03
Last Modified: 2014-09-16
Question by:litmic

    Accepted Solution

    If you use SSL certificates on intranet sites with internal server names, they may not work from 11 November 2015.  ref -

    For internal names not covered by the above-referenced ICANN gTLD process, on November 11, 2015, the issuance of certificates with a reserved IP address or internal server name is prohibited.  On October 1, 2016, all publicly trusted SSL/TLS certificates with an internal name or reserved IP address will be revoked and/or blocked by browser software.

    Imagine you have a server on your network. It may have an IP address that is resolvable on the internet, but it’s more likely to have an address that is only valid on the local network, such as It is also likely to have a domain name that is only resolvable on the local network, such as https://intranet.local or https://mail.

    Certification Authority/Browser Forum (CA/B Forum) have decided to cease issuing certificates without a Fully Qualified Domain Name (FQDN).

    And the so-called "ISCCA SHA-256" is saying minimal SHA-256 for CA certificate to be issued. The CA SHALL meet the technical requirements set forth in Appendix A - Cryptographic Algorithm and Key Requirements - ref v1.1.8 baseline from CA Forum-

    e.g. Digest algorithm for Root CA Certificates, Subordinate CA Certificates, Subscriber Certificates

    * SHA-1 MAY be used with RSA keys until SHA-256 is supported widely by browsers used by a substantial portion of relying-parties worldwide.

    ** A Root CA Certificate issued prior to 31 Dec. 2010 with an RSA key size less than 2048 bits MAY still serve as a trust anchor for Subscriber Certificates issued in accordance with these Requirements.
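
An added example, not part of the original answer: a Python check that sorts certificate names into internal names, reserved IP addresses and FQDNs, and applies the two dates quoted above. The suffix list, function names and sample names are assumptions made for illustration; a real audit should compare suffixes against the IANA Root Zone Database.

```python
import ipaddress
from datetime import date

# Dates quoted in the answer above.
ISSUANCE_PROHIBITED = date(2015, 11, 11)
REVOCATION_DATE = date(2016, 10, 1)

# Assumption: a small constructed sample of suffixes that are not publicly
# delegated TLDs. It is not a complete list.
NON_PUBLIC_SUFFIXES = {"local", "localhost", "internal", "lan",
                       "corp", "home", "test", "invalid"}


def classify_name(name):
    """Return 'reserved-ip', 'public-ip', 'internal-name' or 'fqdn'
    for one Common Name / Subject Alternative Name value."""
    host = name.strip().rstrip(".").lower()
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        pass  # not an IP literal, treat it as a DNS-style name
    else:
        return "public-ip" if ip.is_global else "reserved-ip"
    labels = host.split(".")
    # Single-label names ("mail") and names under a non-public suffix
    # ("intranet.local") cannot be verified in the public DNS.
    if len(labels) < 2 or labels[-1] in NON_PUBLIC_SUFFIXES:
        return "internal-name"
    return "fqdn"


def audit_certificate(names, not_before, not_after):
    """List the findings for a publicly trusted certificate with these names."""
    bad = [n for n in names
           if classify_name(n) in ("internal-name", "reserved-ip")]
    findings = []
    if bad and not_before >= ISSUANCE_PROHIBITED:
        findings.append(("issuance-prohibited", bad))
    if bad and not_after > REVOCATION_DATE:
        findings.append(("revoked-before-expiry", bad))
    return findings


if __name__ == "__main__":
    # Constructed sample: names and validity dates are made up.
    sample = ["www.example.com", "intranet.local", "mail", "10.0.0.5"]
    for n in sample:
        print(n, "->", classify_name(n))
    print(audit_certificate(sample, date(2014, 8, 3), date(2017, 8, 3)))
```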

    Expert Comment

    I have a 2012 R2 server running the Certificate Authority snap-in.
    I want to do a filter on a specific Certificate Template which I know exists in the 'Issued Certificates' folder.
    All the documentation I can find seems to suggest I copy the certificate name and use this in the View Filter.
    1) I add the 'Certificate Template' option into the Field drop-down.
    2) I leave the Operation as the '=' symbol.
    3) I paste in just the name of the template in question, for example: 'my computers'

    The search results always come back blank, 'There are no items to show in this view.', even when I know there are many instances of this template.

    Anybody know what I'm doing wrong?
    I seem to be getting nowhere with this one.
