Skip to main content

What are the special requirements for Organizational Units (OUs) to be compliant?

User-added image

The CAB Forum has released the Baseline Requirements and the public CAs issuing SSL certificates must become compliant. One of the Baseline Requirements is to verify the Organization Unit (OU). The requirement is as follow:

The CA SHALL implement a process that prevents an OU attribute from including a name, DBA, trade name, trademark, address, location, or other text that refers to a specific natural person or Legal Entity unless the CA has verified this information in accordance with Section 11.2 (Verification of Subject Identity Information).

In other words, the OU must be verified so that it does not mislead the end user to think that they are dealing with the wrong certificate holder. An example would be an organization using a name such PayPal for their OU may look like this: O=Secure Payments, Inc.; OU=PayPal. This may mislead an end user to think that they are dealing with PayPal.

Verification of an OU should be simple. The idea was that an OU would just be a department of the organization. OUs such as IT, Marketing, Human Resources, and R&D are acceptable and do not mislead the end user. The problem is that some certificate users define their OU by who the server is interfacing or with some undefined acronym that looks very similar to an acronym used by another company.

In order to simply OU verification, Entrust offers the following guidelines:

  • Prefix the OU with your organization name or recognized acronym
  • Use natural language names such as Human Resources or Sales
  • Use numerics
  • Only use trade style, trademarks or DBA that have been registered by the organization
  • Don’t use personal names
  • Don’t use uncommon acronyms

If a requested OU is ambiguous and may be conceived as misleading to an end user, then it cannot be verified per the requirements and will be rejected.

If there are any questions, please contact Entrust Certificate Services Support at Entrust SSL Support : https://www.entrust.net/customer_support/contact.cfm .

If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance:

Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE: Smart Phone users may use the 1-800 numbers shown in the table below.
Otherwise, it is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.

Country Number
Australia 0011 - 800-3687-7863
1-800-767-513
Austria 00 - 800-3687-7863
Belgium 00 - 800-3687-7863
Denmark 00 - 800-3687-7863
Finland 990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet)
France 00 - 800-3687-7863
Germany 00 - 800-3687-7863
Hong Kong 001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax)
Ireland 00 - 800-3687-7863
Israel 014 - 800-3687-7863
Italy 00 - 800-3687-7863
Japan 001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
Korea 001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom)
Malaysia 00 - 800-3687-7863
Netherlands 00 - 800-3687-7863
New Zealand 00 - 800-3687-7863
0800-4413101
Norway 00 - 800-3687-7863
Singapore 001 - 800-3687-7863
Spain 00 - 800-3687-7863
Sweden 00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2)
Switzerland 00 - 800-3687-7863
Taiwan 00 - 800-3687-7863
United Kingdom 00 - 800-3687-7863
0800 121 6078
+44 (0) 118 953 3088