If a certificate is instructed for an internal host name, the component of a FQDN is (CN=test.example.com), then nothing changes. The top level and second level domain is checkable with the help of public directories. The certificate is issued after successful check.

If a certificate is instructed, nevertheless, only for an internal host name (CN=test), it does not concern an entire domain name (FQDN) and the necessary check compared with public directories are not possible. Such a certificate would not be unequivocal therefore or unique. The certificate is not issued.

With a certificate which is instructed for an IP address from a reserved address range it behaves alike. These address ranges have been reserved for certain purposes and can be used accordingly mainly arbitrarily. The certificates are on no account unique, because they can be seated equally on many private networks (z. B.192.168.*. *).

Also no clarity can be certified, because the use assumes no registration. For called reasons such a certificate order is also rejected.

Examples of reserved address ranges are:,, 10.*.*.*, 192.168.*.*,, 172.16.*.*, 172.17.*.*, 172.18.*.*, 172.19.*.*, 172.20.*.*, 172.21.*.*, 172.22.*.*, 172.23.*.*, 172.24.*.*, 172.25.*.*, 172.26.*.*, 172.27.*.*, 172.28.*.*, 172.29.*.*, 172.30.*.*, 172.31.*.*.