Entrust Datacard

Entrust Certificate Services Support Knowledge Base

Last Modified: 2017-08-22 14:29:14.0

What are the special requirements for Organizational Units (OUs) to be compliant?

Article Number: 46342

User-added image

The CAB Forum has released the Baseline Requirements and the public CAs issuing SSL certificates must become compliant. One of the Baseline Requirements is to verify the Organization Unit (OU). The requirement is as follow:

The CA SHALL implement a process that prevents an OU attribute from including a name, DBA, trade name, trademark, address, location, or other text that refers to a specific natural person or Legal Entity unless the CA has verified this information in accordance with Section 11.2 (Verification of Subject Identity Information).

In other words, the OU must be verified so that it does not mislead the end user to think that they are dealing with the wrong certificate holder. An example would be an organization using a name such PayPal for their OU may look like this: O=Secure Payments, Inc.; OU=PayPal. This may mislead an end user to think that they are dealing with PayPal.

Verification of an OU should be simple. The idea was that an OU would just be a department of the organization. OUs such as IT, Marketing, Human Resources, and R&D are acceptable and do not mislead the end user. The problem is that some certificate users define their OU by who the server is interfacing or with some undefined acronym that looks very similar to an acronym used by another company.

In order to simply OU verification, Entrust offers the following guidelines:

  • Prefix the OU with your organization name or recognized acronym
  • Use natural language names such as Human Resources or Sales
  • Use numerics
  • Only use trade style, trademarks or DBA that have been registered by the organization
  • Don’t use personal names
  • Don’t use uncommon acronyms

If a requested OU is ambiguous and may be conceived as misleading to an end user, then it cannot be verified per the requirements and will be rejected.

If there are any questions, please contact Entrust Certificate Services Support at Entrust SSL Support: https://www.entrust.net/customer_support/contact.cfm.
 

If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance: 

Hours of Operation: 
Sunday 8:00 PM ET to Friday 8:00 PM ET 
North America (toll free): 1-866-267-9297 
Outside North America: 1-613-270-2680 (or see the list below) 
NOTE: Smart Phone users may use the 1-800 numbers shown in the table below.
Otherwise, it is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call. 

CountryNumber
Australia0011 - 800-3687-7863
1-800-767-513
Austria00 - 800-3687-7863
Belgium00 - 800-3687-7863
Denmark00 - 800-3687-7863
Finland990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet)
France00 - 800-3687-7863
Germany00 - 800-3687-7863
Hong Kong001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax)
Ireland00 - 800-3687-7863
Israel014 - 800-3687-7863
Italy00 - 800-3687-7863
Japan001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
Korea001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom)
Malaysia00 - 800-3687-7863
Netherlands00 - 800-3687-7863
New Zealand00 - 800-3687-7863
0800-4413101
Norway00 - 800-3687-7863
Singapore001 - 800-3687-7863
Spain00 - 800-3687-7863
Sweden00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2)
Switzerland00 - 800-3687-7863
Taiwan00 - 800-3687-7863
United Kingdom00 - 800-3687-7863
0800 121 6078
+44 (0) 118 953 3088

TN8621

Affected Products:

  • Entrust Certificate Services Additional Organization Names Version Not Applicable Language Not Applicable Platform Not Applicable