Removal of Organization Unit (OU) field from Certification Authority (CA) issued TLS/SSL certificates


Article ID: KB0072289


Products: TIBCO BusinessConnect
Versions: 7.x

Description

The CA/Browser Forum (CA/B Forum) has recently passed a ballot to remove the OU field from all publicly trusted TLS/SSL certificates. The OU field allows optional metadata to be stored in a certificate. However, its intended purpose is extremely limited, it is subject to validation requirements, and it is viewed as a security vulnerability going forward.

This means the forum has decided that this field is no longer necessary, and that all publicly trusted certificate authorities will no longer include this information in the certificates they issue.

Issue/Introduction

Removal of Organization Unit (OU) field from Certification Authority (CA) issued TLS/SSL certificates

Environment

All platforms

Resolution

The OU field is just a labeling field in a certificate. The internal libraries used by BusinessConnect do not make any reference to this field. Hence, certificates issued without the OU field will work with BusinessConnect without any impact. Any future CSRs can still be made with the OU field set (and the BC CSR wizard requires that a value be set), but the CA will issue the leaf certificate with it omitted.
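The following added example (not TIBCO code and not part of the original article) compares the subject requested in a CSR with the subject on the issued certificate and reports whether the dropped OU is the only difference, which is the change described above. The subject strings are constructed samples, and the function names and the simplified DN parser are assumptions of this example.

```python
def parse_dn(dn):
    """Split an RFC 4514-style DN string into (TYPE, value) pairs.

    Simplified: handles backslash-escaped characters such as '\\,' but not
    hex escapes or quoted values.
    """
    pairs, buf, escaped = [], [], False
    for ch in dn + ",":              # trailing comma flushes the last RDN
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch in ",+":             # RDN separator or multi-valued RDN
            rdn = "".join(buf).strip()
            buf = []
            if rdn:
                attr, _, value = rdn.partition("=")
                pairs.append((attr.strip().upper(), value.strip()))
        else:
            buf.append(ch)
    return pairs


def subject_change(csr_subject, issued_subject):
    """Report how the issued subject differs from the one in the CSR."""
    requested, issued = parse_dn(csr_subject), parse_dn(issued_subject)
    dropped = [p for p in requested if p not in issued]
    added = [p for p in issued if p not in requested]
    return {
        "dropped": dropped,
        "added": added,
        "issued_has_ou": any(a == "OU" for a, _ in issued),
        # True only when OU attributes are the sole difference
        "only_ou_dropped": bool(dropped) and not added
                           and all(a == "OU" for a, _ in dropped),
    }


# Constructed sample subjects (not taken from a real certificate).
CSR_SUBJECT = "CN=b2b.example.com,OU=Integration\\, EDI,O=Example Corp,C=US"
ISSUED_SUBJECT = "CN=b2b.example.com,O=Example Corp,C=US"

if __name__ == "__main__":
    print(subject_change(CSR_SUBJECT, ISSUED_SUBJECT))
```

A result with "only_ou_dropped" set to False and entries under "added" or non-OU entries under "dropped" means the issued subject differs from the request in more than the OU field.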