SSL Certificates Help

Status of Organization and Organizational Unit fields in SSL certificates

Prior to September 1, 2022, two fields were used to identify aspects of the business that owns an SSL certificate:

  • The Organization (O) field stores information about the certificate subject's Organization Name (its registered business name).
  • The Organizational Unit (OU) field stored additional information about the certificate subject's involvement with the business, such as the department or division of the organization that owned the certificate.

The CA/Browser Forum (CA/B) deprecated the OU field in 2022, as it was the only non-validated field used for certificates. Retirement of the OU field meant that attackers could no longer use this field in a potentially fraudulent manner.

The Organization (O) field is still included with Organization Validated (OV) and Extended Validation (EV) certificates. Domain Validated (DV) certificates, however, no longer include the O or OU fields, as domain ownership is all that's required to obtain a DV certificate.

The fact that O or OU fields are not included with DV certificates may lead to unexpected results when using a DV certificate with some infrastructure components. For example, certain servers, firewalls, or other components, may expect the O and OU fields to be present. If you encounter such an issue while using a DV certificate, consult your component's third-party documentation for more information. You might also consider switching to an OV or EV certificate, either of which support the O field.

Note: Although OV and EV certs cost more than DV certificates, they undergo a more comprehensive verification process, requiring documentation and vetting. For OV certs, the O field is based on the organization listed in the certificate signing request (CSR). For EV certificates, it's based on the organization or DBA ("doing business as") name provided during vetting.

More info

Share this article