CA/Browser Forum
Home » All CA/Browser Forum Posts » Ballot 26 – Certificate Reissuance

Ballot 26 – Certificate Reissuance

Ballot 26 – Certificate Reissuance (Passed Unanimously)

Motion

Steve Roylance made the following motion, and Ben Wilson and Jay Schiavo endorsed it:

Motion begins

The Guidelines should be amended by the following erratum.

Erratum begins

  1. Replace this section which was itself previously amended by Errata: “25. EV Certificate Renewal Verification Requirements

(a) Validation for Renewal Requests. In conjunction with the EV Certificate Renewal process, the CA MUST perform all authentication and verification tasks required by these Guidelines to ensure that the renewal request is properly authorized by Applicant and that the information in the EV Certificate is still accurate and valid.

(b) Exceptions. Notwithstanding the requirements set forth in Section 33(b) (Use of Pre-Existing Information or Documentation) and Section 8 (Maximum Validity Period), a CA, when performing the authentication and verification tasks for EV Certificate Renewal MAY:

(1) EV Certificate previously issued by the CA:”

With: “25. EV Certificate Renewal Verification Requirements

(a) Validation for Renewal Requests. In conjunction with the EV Certificate Renewal process, the CA MUST perform all authentication and verification tasks required by these Guidelines to ensure that the renewal request is properly authorized by Applicant and that the information in the EV Certificate is still accurate and valid.

(b) Validation of Re-issuance requests. A CA may rely on previously verified information to issue a Replacement Certificate, as defined in these Guideline when:

  1. The expiration date of the replacement certificate is the same as the expiration date of the currently valid EV certificate being replaced, and

  2. The certificate subject of the Replacement Certificate is the same as the certificate subject contained in the currently valid EV certificate. (c) Renewal Exceptions. Notwithstanding the requirements set forth in Section 33(b) (Use of Pre-Existing Information or Documentation) and Section 8 (Maximum Validity Period), a CA, when performing the authentication and verification tasks for EV Certificate Renewal MAY: (1) EV Certificate previously issued by the CA:”

  3. Replace this section from the Definition Section which was itself previously amended by Errata: “EV Certificate Renewal. The process whereby an Applicant who has a valid unexpired and non-revoked EV certificate makes application, to the CA that issued the original certificate, for a newly issued EV certificate for the same organizational and domain name prior to the expiration of the applicant’s existing EV Certificate.”

With: “EV Certificate Renewal. The process whereby an Applicant who has a valid unexpired and non-revoked EV certificate makes an application, to the CA that issued the original certificate, for a newly issued EV certificate for the same organizational and domain name prior to the expiration of the applicant’s existing EV Certificate but with a new ‘valid to’ date beyond the expiry of the current EV certificate.

EV Certificate Re-issuance. The process whereby an Applicant who has a valid unexpired and non-revoked EV certificate makes an application, to the CA that issued the original certificate, for a newly issued EV certificate for the same organizational and domain name prior to the expiration of the applicant’s existing EV Certificate but with a matching ‘valid to’ date of the current EV certificate.”

Erratum ends

Motion ends

The ballot review period comes into effect at 1700 EST on 03 Mar 09,and will close at 1700 EDT on 10 Mar 2009. Unless the motion is withdrawn during the review period, the voting period will start immediately thereafter and will close at 1700 EDT on 17 Mar 2009.

Votes must be cast by ‘reply all’ to this email.

A vote in favour of the motion must indicate a clear ‘yes’ in the response. A vote against must indicate a clear ‘no’ in the response. A vote to abstain must indicate a clear ‘abstain’ in the response. Unclear responses will not be counted.

The latest vote received from any representative of a voting member before the close of the voting period will be counted.

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.7 - Ballot SMC09 - Nov 25, 2024

This ballot includes updates for the following: • Require pre-linting of leaf end entity Certificates starting September 15, 2025 • Require WebTrust for Network Security for audits starting after April 1, 2025 • Clarify that multiple certificatePolicy OIDs are allowed in end entity certificates • Clarify use of organizationIdentifer references • Update of Appendix A.2 Natural Person Identifiers This ballot is proposed by Stephen Davidson (DigiCert) and endorsed by Clint Wilson (Apple) and Martijn Katerbarg (Sectigo).

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).