Regular Public CAs like DigiCert, GlobalSign, etc., are not allowed to issue SSL certificates for Internal Names (IP addresses, localhost, Internal URLs, and Server names) due to restrictions imposed by the CA/Browser Forum in 2015.

SecureNT Intranet SSL and GlobalSign issue SSL certificates for intranets using non-public CA certificates. While these SSL certificates are technically the same as those issued by Public CA authorities, browsers do not trust their root certificates. So, the customer is required to install the non-public CA roots once on each of their client PCs (devices). Of course, this can be done using Microsoft Group Policy (GPO).

Some vendors issue free trial certificates for testing purposes.