The permitted non-FQDN entries in the SAN are as follows:

The following IP blocks are defined as private and not routable over the internet, and are therefore OK to be issued for internal use:

  1. 10.0.0.0 - 10.255.255.255
  2. 172.16.0.0 - 172.31.255.255
  3. 192.168.0.0 - 192.168.255.255

See: http://en.wikipedia.org/wiki/Private_network

Any single server name containing no dots. For example:

  1. server1
  2. mymailserver
  3. printspool

The following internal-use TLDs referenced in RFC 2606 (http://www.faqs.org/rfcs/rfc2606.html), and comments to the same:

  1. .test
  2. .example
  3. .invalid
  4. .localhost
  5. .local
  6. .lan
  7. .priv
  8. .localdomain
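
As an added example (not code from this page or its publisher), the following check sorts requested SAN entries into the three categories listed above. The function names and category labels are assumptions of the example, as is the choice to treat wildcards and IPv6 addresses as not covered by the list.

```python
import ipaddress
import re

# Ranges and TLDs copied from the lists on this page.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
INTERNAL_TLDS = {"test", "example", "invalid", "localhost",
                 "local", "lan", "priv", "localdomain"}
# Assumption: labels use hostname characters only, so wildcards do not match.
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def classify_san(entry):
    """Return the category from the list that an entry falls under, or None."""
    value = entry.strip().lower()
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        addr = None
    if addr is not None:
        # Assumption: only the three IPv4 blocks listed count as permitted.
        if addr.version == 4 and any(addr in net for net in PRIVATE_NETS):
            return "private-ip"
        return None
    labels = value.split(".")
    if not all(LABEL.fullmatch(label) for label in labels):
        return None
    if len(labels) == 1:
        return "dotless-name"
    # Only the last label is the TLD: www.example.com is a public FQDN.
    if labels[-1] in INTERNAL_TLDS:
        return "internal-tld"
    return None


def review_sans(entries):
    """Split SAN entries into those on the list (with category) and the rest."""
    permitted, other = {}, []
    for entry in entries:
        category = classify_san(entry)
        if category:
            permitted[entry] = category
        else:
            other.append(entry)  # not on this list, e.g. public FQDN or public IP
    return permitted, other
```

Entries returned in `other` are simply outside this list; a public FQDN or routable IP lands there and is handled by whatever validation applies to those.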