Organisation Unit (OU) Information No Longer Include in SSL CertificatesIn December 2021, the CA/B Forum has voted to deprecate the organizationalUnitName field entirely from certificates. This will take effect starting 1 Sep 2022 (although some CAs are implementing the change ahead of schedule). - Sectigo will remove OU info from their certificates starting 1 July 2022.
- DigiCert will remove the field from their certificates in August 2022, before the end of the month.
What Is the Organisation Unit (OU) Field?When you complete a certificate signing request (CSR) as part of the certificate ordering process, there’s the “Organizational Unit” field which is a piece of information purely internal to a company, such as the organisation's department and so on. Why Are CAs Removing the Organizational Unit (OU) Field?The OU field could contain almost any text that a customer or CA chose to include. The concern was that this field could be intentionally or unintentionally misused and cause validation hang-ups and other issues.
Although existing guidelines prohibit the use of unauthenticated brands or domain names in OU fields, such a policy is extremely hard to police and is fundamentally nebulous and judgement-based.
To quickly summarize, the idea behind removing the OU field is that it will: - Eliminate an unnecessary piece of data.
- Mitigate OU-related hiccups in the validation process by eliminating the highly specific field.
- Prevent inaccurate attributions or intentional misuses of company names, trademarks, tradenames, addresses, or other information.
How Will Removing the OU Field Affect My Organization?This change will not affect most organisations. This change will likely only affect you if you have been doing something custom (like using the OU field to keep track of which employee/department issued a certificate).
Here’s a quick overview of what removing the OU field will entail for publicly trusted certificates: - The OU field will be removed from all certificate authorities’ certificate order forms.
- All new or re-issued publicly trusted SSL/TLS certificates will no longer contain OU information.
- Pre-existing SSL/TLS certificates (i.e., those that were ordered prior to the field’s removal) won’t be affected.
If you need more information about how these changes will affect you, you can reach out to us and we will be glad to help you.
Thank you for your attention.If you have any queries, please contact us at support@clickhere2.com or visit our Customer Support Centre at https://support.clickhere2.com.sg. |