New CA certificate rules
This is what I've received from a vendor, but can't find any validation. Would like some input:
"My operations teams have told me that the Certificate Authority Browser Forum, who are the governing body over public CA certificates have changed their policy and no longer allow ‘District of Columbia’ or ‘Washington, D.C.’ to be used in the ‘state’ field of a certificate. They have sent notice of this providing just 5 days’ notice upon which they have instructed all Certificate Authorities to revoke any non-compliant certificates."
"My operations teams have told me that the Certificate Authority Browser Forum, who are the governing body over public CA certificates have changed their policy and no longer allow ‘District of Columbia’ or ‘Washington, D.C.’ to be used in the ‘state’ field of a certificate. They have sent notice of this providing just 5 days’ notice upon which they have instructed all Certificate Authorities to revoke any non-compliant certificates."
I can't find any reference to the removal of DC in the state field of a high assurance or extended validation certificate (only these 2 type require more than just the domain name
Can you quote a reference?
Can you quote a reference?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I have recommended this question be closed as follows:
Accept: 'David Johnson, CD' (https:#a43178549)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer
I have recommended this question be closed as follows:
Accept: 'David Johnson, CD' (https:#a43178549)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer
If you think you must, you can always stuff the CSR file with any string you like...
District of Columbia or Moonbase 12... whatever you like...
Hint: Cert strings are fairly useless. Better to just allow LetsEncrypt to generate certs without any locale settings, which is the CSR default.