As of Nov. 1, public certificate authorities will reject requests for internal SSL server certificates that dont conform to new internal domain naming and IP address conventions designed to safeguard networks. The CA/B Forum is the group that sets security and operational guidelines for digital certificates. Organizations with sprawling networks may need to expand their internal DNS infrastructure so the name maps appropriately, says Symantec’s Rick Andrews. Organizations can decide not to obtain publicly-issued SSL certificates for internal servers and instead start privately issuing digital certificates on their own.”]
Source: https://www.csoonline.com/article/2458400/new-ssl-server-rules-go-into-effect-nov-1.html