What are valid SSL-certificate common names?

I need an SSL certificate for an internal domain name, but all the providers I'm开发者_开发技巧 trying to buy a certificate from are saying invalid common name.

Can I only get an SSL for a .com, .co.uk etc top level domain?

Are there any providers that will issue me a certificate for mydomain.lan (for example)?

Certificates prove that you do own the domain name. Certificate authority can't ensure that you own some LAN box called mydomain.lan, therefore no, they (CAs) won't emit a certificate for your local box, because you could just fake it.

On the other hand, you could generate self-signed certificate and install it as a root certificate on the boxes within your LAN. This is rather safe and won't cause warnings about self-signed certificates on the server side while accessing server via SSL using browser, IM client or other SSL-aware soft.

Publicly available domains are fine, and any valid extensions are fine beyond what you mentioned. Ip addresses are fine too, but you will need to provide documentation from your provider that they own or are authorized to use said ip address.

Internal names will not be signed by CAs, except in instances like a SAN certificate for Exchange where a domain specified in the SAN field may have something like my domain.lan. I've had this done with SSL.com so I know they will issue a certificate like that.