Description

Details

In compliance with pending policy changes brought about by CA/Browser (CA/B) Forum ballot SC47v2, Sectigo will deprecate the population of the Organizational Unit (OU) field in Sectigo issued Certificates ahead of this deadline, starting July 1, 2022.

As concluded by the CA/B Forum, the “Organizational Unit” is a concept purely internal to a company, which therefore lacks credible, outside information sources for a Certificate Authority (CA) to use. As a result, the OU field cannot be authenticated and could contain almost any text that a customer or CA chose to include. Although existing guidelines prohibit the use of unauthenticated brands or domain names in OU fields, such a policy is extremely hard to police and is fundamentally nebulous and judgement-based. Removing the field eliminates this problem.

Customers who use the field are cautioned that any processes or systems that depend on the presence of or information in the OU field could be impacted.

This change primarily impacts public Extended Validation (EV) and Organizational Validation (OV) SSL / TLS Certificates, as well as both EV and standard Code Signing Certificates. Most enterprises, however, do not use the OU field, and accordingly, would not have built out processes that depend on this content. Such organizations should not be impacted by this change.