Removal of street address and postal code fields from certificates

Starting March 7, 2021 Sectigo will cease to include street address and postal code information in newly issued certificates on all its brands. This is a proactive decision by Sectigo and not a requirement of CA/Browser Forum or root store programs. Sectigo OV and EV certificates will continue to contain the validated organization name along with the city, state (if appropriate), and country in which the organization is located.

Existing certificates will continue to work correctly and will contain the same information they had as of issuance time. No action is required for any existing certificate.

Simultaneous with this release, we will remove street address information from the TrustLogo for all Sectigo SSL brands. No other change will occur to Sectigo’s systems, ordering process, validation, or issuance.

General Questions

Question: Why are you making this change?

  • Answer: CA/Browser Forum rules do not require the publication of street address and postal code information, which means Sectigo is free to discontinue including this information. This change is beneficial to other initiatives Sectigo has to improve issuance quality and efficiency.

Question: Does this change diminish the added value of OV or EV over a DV certificate?

  • Answer: No. The presence of the street address is not what differentiates an OV certificate from a DV certificate. Let’s remember that OV stands for Organization Validation, and the authenticated name of a company, government agency, school, NGO, or other organization inside the certificate is the key added value that comes with an OV certificate. Interested parties viewing the certificate will still be able to confirm the organization name and location (city, country, and state, if appropriate).
Our experience indicates that including the specific authenticated address adds no real value above what is provided by organization name and location. Since companies frequently operate at more than one address, the street address can sometimes lead to confusion when the address listed in the certificate does not match the expectations of the party viewing the certificate. Furthermore, some customers who run small businesses run them out of their homes and prefer not to have their specific street address listed. This change maintains the added value of an OV certificate while removing these potential pain points.

Question: Is Sectigo the only public CA that will have removed this address information?

  • Answer: No. Public CAs today are mixed on whether or not they include this information in certificates.

Question: Does this change apply to non-Sectigo brands such as InstantSSL and PositiveSSL?

  • Answer: Yes, it applies to all brands from Sectigo Limited.

Question: Does this change apply to all types of public certificate from Sectigo?

  • Answer: Yes. Affected certificate types include SSL, Code Signing, S/MIME, and Document Signing.

Question: How does this change affect certificates issued from a Sectigo private CA?

  • Answer: You will continue to maintain full control over your own private CAs and will be able to issue certificates with street address and postal code fields on your own private roots.

Customer experience

Question: Does this mean Sectigo will cease to use street address information in its validation process?

  • Answer: No. CA/Browser Forum Baseline Requirements demand that OV and EV authentication includes authentication of street address, along with other validation requirements that are not included in the certificate details. In compliance with those rules we will continue to validate street address.

Question: In what ways will the OV and EV authentication processes change?

  • Answer: These processes and the user experience will not change in any way.

Question: If I renew an existing certificate, will the new certificate contain street address and postal code information?

  • Answer: No. That will be a new certificate, which will follow Sectigo’s updated certificate policy.

Question: If I replace an existing certificate, will the new certificate contain street address and postal code information?

  • Answer: No. That will be a new certificate, which will follow Sectigo’s updated certificate policy.

Question: If I order an OV or EV certificate prior to March 7 but it is not issued until on or after March 7, will that be a problem?

  • Answer: No. All orders and ongoing authentication procedures are the same. SSL certificates issued March 7 or later simply will not contain street address or postal code information.

Technical Questions

Question: How does this change affect the operation of Sectigo Certificate Manager?

  • Answer: Except for the fact that provisioned certificates will not contain street or postal code information, it does not.

Question: Will I need to make any changes to my certificate templates in SCM?

  • Answer: No. Templates do not affect anchors.

Question: Will existing ordering APIs change?

  • Answer: No. Your API call can submit the 'streetAddress1/2/3' and 'postalCode' fields as parameters or in the CSR, just as they may be sent today. Orders will not be rejected or errors generated; we simply won't include those fields in the resulting certificate.

Question: Do partners need to change their certificate ordering process?

  • Answer: No.

Question: Do I have to change how I create or submit a CSR?

  • Answer: No.

Question: What happens if I submit street address or postal code information in my CSR?

  • Answer: Just as is the case today, it will make no difference if you include street and postal information in your CSR. You do not need to change your CSR creation or submission process in any way.

Question: How will the retail customer experience change when ordering a certificate?

  • Answer: It will not change in any way.

Question: Are exceptions available?

  • Answer: No. This will be a universal change and exceptions will not be available.