Knowledge Base

OU Field to Be Deprecated in Sectigo Issued Certificates Starting July 1st 2022

January 18, 2022 in Sectigo Validation, Advisory Notices and SSL Validation FAQs

Due to New Rule, OU Field to Be Deprecated in Sectigo Issued Certificates Starting July 1st 2022

Summary:
The CA/Browser (CA/B) Forum recently passed ballot SC47v2 making OU fields against guidelines as of September 1, 2022. Sectigo is deprecating the population of the Organizational Unit (OU) field in Certificates ahead of this deadline, starting July 1, 2022. Customers who make use of the OU field should note that any processes or systems which depend on information contained in the OU field could be impacted.

Sectigo will enable customers to test for impact and to adjust their processes ahead of the deadline date, by offering a mechanism to remove issuance of OU fields in SSL Certificates in advance of July 1, 2022. This capability will allow customers to “turn off” OU issuance for Certificates and evaluate the results ahead of the final July 22, 2022 deadline.


Description:
The CA/Browser (CA/B) Forum recently passed ballot SC47v2 making OU fields against guidelines as of September 1, 2022.

As concluded by the CA/B Forum, an “Organizational Unit” is a concept purely internal to a company, which therefore lacks credible, outside information sources for a Certificate Authority (CA) to use – the OU field cannot be authenticated and therefore could contain almost any text that a customer or CA chose to include.

Although existing guidelines prohibit the use of unauthenticated brands or domain names in OU fields, such a policy is extremely hard to police and is fundamentally nebulous and judgement-based. Removing the field in its entirety eliminates this problem.

As a result, Sectigo will deprecate the OU field in public Certificates starting July 1, 2022. Customers who use the field are cautioned that any processes or systems that depend on the presence of, or information contained within, the OU field could be impacted.

Starting no later than April 1, 2022, Sectigo plans to offer a mechanism to temporarily turn off the OU field on a per-account basis. This optional feature will enable customers to conduct real-world tests to assess the impact of this change, with the option to “roll back” and adjust their technology or processes, prior to the hard deadline for eliminating the field altogether.

This change impacts public Extended Validation (EV) and Organizational Validation (OV) SSL / TLS Certificates as well as both EV and standard Code Signing Certificates. See the following knowledge base articles for further information:

Official Blog Communication
Frequently Asked Questions

Related articles