The following non-FQDN entries are permitted in the SAN:
The following IP blocks are defined as private and non-routable over the internet, and are therefore OK to be issued for internal use:
- 10.0.0.0 - 10.255.255.255
- 172.16.0.0 - 172.31.255.255
- 192.168.0.0 - 192.168.255.255
- See: http://en.wikipedia.org/wiki/Private_network
Any single server name containing no dots. For example:
- server1
- mymailserver
- printspool
The following internal-use TLDs referenced in RFC 2606 (http://www.faqs.org/rfcs/rfc2606.html), and comments to the same:
- .test
- .example
- .invalid
- .localhost
- .local
- .lan
- .priv
- .localdomain
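
A pre-issuance check for the three categories listed above, as an added example (not code from the issuing CA). The function name, the category labels and the letters-digits-hyphen label rule are assumptions; wildcard and IPv6 entries are not on the list, so they return `None` here.

```python
import ipaddress
import re

# Private blocks exactly as listed on the page.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Internal-use TLDs exactly as listed on the page.
INTERNAL_TLDS = {"test", "example", "invalid", "localhost",
                 "local", "lan", "priv", "localdomain"}
# Assumption: every label is a plain letters-digits-hyphen hostname label.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def classify_san_entry(entry):
    """Return the matching category from the list, or None if none matches."""
    value = entry.strip().lower()
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        addr = None
    if addr is not None:
        # Compare against the three listed blocks only: ipaddress.is_private
        # would also accept loopback, link-local and other special ranges.
        if addr.version == 4 and any(addr in net for net in PRIVATE_NETS):
            return "private-ip"
        return None
    labels = value.split(".")
    if not all(LABEL.fullmatch(label) for label in labels):
        return None
    if len(labels) == 1:
        return "single-label"      # e.g. server1, printspool
    if labels[-1] in INTERNAL_TLDS:
        return "internal-tld"      # e.g. mail.corp.local
    return None


if __name__ == "__main__":
    # Constructed sample SAN entries, not taken from a real certificate.
    for san in ("10.1.2.3", "172.32.0.1", "127.0.0.1", "printspool",
                "mail.corp.local", "www.example.com", "*.lan"):
        print(f"{san:18} -> {classify_san_entry(san)}")
```

An entry that returns `None` is outside this list and has to be handled as a regular FQDN or public IP request.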