Intranet SSL Certificate

SSL/TLS Certificates for internal server names, reserved IP addresses & domain names.

IntranetSSL provides a cost effective solution to secure internal servers, applications, and IP addresses that do not require public trust yet want to benefit from SSL/TLS encryption.

With IntranetSSL, enterprises receive the same high level of security and certificate features of publicly trusted SSL Certificates, but the certificates are issued using GlobalSign non-public CAs which allows for configurations not allowed in public certificates and lower prices. 


Note:You can use our standard line of publicly trusted certificates on internal servers. IntranetSSL is for applications that either don’t need or can’t use public trust because they need certificates that don’t comply with industry requirements (more on this below).


Since 2015, the CA/Browser Forum prohibits the use of internal server names and reserved IP addresses in publicly trusted SSL Certificates.  This means if you normally receive SSL Certificates from a public CA , you aren’t able to use their certificates for internal server names.

IntranetSSL from GlobalSign allows enterprises to continue to issue SSL to internal server names and reserved IP addresses without the need to run your own CA or use self-signed certificates, because the certificates are issued using GlobalSign’s non-public CAs. 


Who needs IntranetSSL? 

  • If you need certificates to include internal server names or reserved IP addresses (since these are prohibited from publicly trusted certificates per the CA/Browser Forum), but you don’t want to run your own in-house CA or use self-signed certificates

  • If you have servers within your internal networks that do not require public trust, IntranetSSL is a more cost-effective option to secure these

  • If you need to issue certificates with options that would otherwise not be permitted under public hierarchies, including the use of internal server names, SHA-1 and 3-5 year validity periods

  • If you do not want your internal server name(s) to be posted to public Certificate Transparency (CT) logs

IntranetSSL Certificate Key Features

  • Secure RSA 2048 bit and ECC 256 bit hierarchies 
  • Flexible signing algorithm choices of SHA-1 SHA-256, or ECDSA
  • Include up to 500 SANs, including internal server names, domain names, subdomains, wildcards and IP addresses
  • SAN licensing option allows up to a specified number of unique SANs across the certificate inventory, enabling you to provide trial or short term certificate without impacting the bottom line
  • Instant issuance from GlobalSign’s certificate management platform
  • Support for longer validity periods than what is permitted under public roots (up to 5 years)
  • Reissue as many times as needed during the validity period
  • Optional AutoCSR – we’ll create the keys and CSR for you 
  • Unlimited server licensing – install across as many servers as you wish

How can IntranetSSL be used?

IntranetSSL supports the issuance of SSL Certificates with internal server names and reserved IP addresses in the CN and SAN values; furthermore, mix and match internal, FQDNs, sub-domains, wildcard, and Global IP addresses in one certificate using a single certificate under a non-public GlobalSign root.

  • Local Host Names (mysite.localhost)

  • Reserved IP Address (

  • Fully Qualified Domain Name (

  • Sub-Domains (

  • Wildcard (*

  • Global IP Address ( offers all leading Brands Intranet / IP SSL Certificates;

Click here to Comparison b/w Intranet or IP SSL Brands at Glance


You can contact us for support or consultancy related at ::