CA/Browser Forum

Welcome to the CA/Browser Forum

Information for the Public

Information for the Public

Organized in 2005, we are a voluntary group of certification authorities (CAs), vendors of Internet browser software, and suppliers of other applications that use X.509 v.3 digital certificates for SSL/TLS, code signing, and S/MIME.

>read more

Website Owners and OperatorsInformation for Site Owners and Administrators

The CA/Browser Forum began in 2005 as part of an effort among certification authorities and browser software vendors to provide greater assurance to Internet users about the web sites they visit by leveraging the capabilities of SSL/TLS certificates. In June 2007, the CA/Browser Forum adopted version 1.0 of the Extended Validation (EV) Guidelines. EV certificates are issued after extended steps to verify the identity of the entity behind the domain receiving the certificate. Internet browser software displays enhanced indication of that identity by changing the appearance of its display (i.e. colors, icons, animation, and/or additional website information).

 >read more

developer-150Information for Developers

Following the publication of version 1.0 of the EV Guidelines, the CA/Browser Forum has continued working to improve the online security of Internet users. The Forum adopted EV Guidelines for issuing code signing certificates, and in 2011 adopted the Baseline Requirements for the Issuance and Management of Publicly-Trusted SSL/TLS Certificates to improve accreditation and approval schemes for all applicants who request that their self-signed root certificates be embedded as trust anchors in software and to extend common standards for issuing SSL/TLS certificates beyond EV to include all Domain-validated (DV) and Organization-Validated (OV) certificates.

>read more

Auditors and AssessorsInformation for Auditors and Assessors

The Forum has also adopted a set of “Network and Certificate System Security Requirements” applicable to all publicly trusted CAs with the intent that all such CAs and Delegated Third Parties be audited for conformity once they have been incorporated as mandatory requirements (if not already mandatory requirements) in browser root programs or existing audit criteria.

>read more

Potential MembersInformation for Potential Members

Currently the CA/Browser Forum continues work on Internet security issues such as the distribution of digitally signed code, revocation/certificate-validity checking, the domain name system, and other issues of common interest to CAs, Internet software providers, website owners, and Internet users.

>read more