In an effort to tighten security on the internet by creating more stringent standards, the CA/Browser Forum recently formulated new guidelines in their Baseline Requirements for issuing SSL certificates.
One of the new changes is the elimination of certificates using internal names. This change makes it impossible to obtain a publicly trusted certificate for any host name that cannot be externally verified as being owned by the organization that is requesting the certificate.
As a result, all Certificate Authorities must phase out the issuance of certificates issued to either internal server names or a reserved IP address by October 2016. In accordance with this new standard, DigiCert will no longer issue certificates to these internal names with expiration dates after November 1, 2015.
The new DigiCert Internal Domain Name Tool for Microsoft Exchange provides an easy way for network administrators and other IT personnel to reconfigure their Exchange servers to comply with the new CA/B Forum guidelines, regardless of whether they currently use DigiCert SSL Certificates.
More info & the tool @ source.