CA/Browser Forum
Ballot 26 – Certificate Reissuance

Ballot 26 – Certificate Reissuance (Passed Unanimously)

Motion

Steve Roylance made the following motion, and Ben Wilson and Jay Schiavo endorsed it:

Motion begins

The Guidelines should be amended by the following erratum.

Erratum begins

  1. Replace this section which was itself previously amended by Errata: “25. EV Certificate Renewal Verification Requirements

(a) Validation for Renewal Requests. In conjunction with the EV Certificate Renewal process, the CA MUST perform all authentication and verification tasks required by these Guidelines to ensure that the renewal request is properly authorized by Applicant and that the information in the EV Certificate is still accurate and valid.

(b) Exceptions. Notwithstanding the requirements set forth in Section 33(b) (Use of Pre-Existing Information or Documentation) and Section 8 (Maximum Validity Period), a CA, when performing the authentication and verification tasks for EV Certificate Renewal MAY:

(1) EV Certificate previously issued by the CA:”

With: “25. EV Certificate Renewal Verification Requirements

(a) Validation for Renewal Requests. In conjunction with the EV Certificate Renewal process, the CA MUST perform all authentication and verification tasks required by these Guidelines to ensure that the renewal request is properly authorized by Applicant and that the information in the EV Certificate is still accurate and valid.

(b) Validation of Re-issuance requests. A CA may rely on previously verified information to issue a Replacement Certificate, as defined in these Guidelines, when:

  1. The expiration date of the replacement certificate is the same as the expiration date of the currently valid EV certificate being replaced, and

  2. The certificate subject of the Replacement Certificate is the same as the certificate subject contained in the currently valid EV certificate.

(c) Renewal Exceptions. Notwithstanding the requirements set forth in Section 33(b) (Use of Pre-Existing Information or Documentation) and Section 8 (Maximum Validity Period), a CA, when performing the authentication and verification tasks for EV Certificate Renewal MAY:

(1) EV Certificate previously issued by the CA:”

  2. Replace this section from the Definition Section which was itself previously amended by Errata: “EV Certificate Renewal. The process whereby an Applicant who has a valid unexpired and non-revoked EV certificate makes application, to the CA that issued the original certificate, for a newly issued EV certificate for the same organizational and domain name prior to the expiration of the applicant’s existing EV Certificate.”

With: “EV Certificate Renewal. The process whereby an Applicant who has a valid unexpired and non-revoked EV certificate makes an application, to the CA that issued the original certificate, for a newly issued EV certificate for the same organizational and domain name prior to the expiration of the applicant’s existing EV Certificate but with a new ‘valid to’ date beyond the expiry of the current EV certificate.

EV Certificate Re-issuance. The process whereby an Applicant who has a valid unexpired and non-revoked EV certificate makes an application, to the CA that issued the original certificate, for a newly issued EV certificate for the same organizational and domain name prior to the expiration of the applicant’s existing EV Certificate but with a matching ‘valid to’ date of the current EV certificate.”

Erratum ends

Motion ends

The ballot review period comes into effect at 1700 EST on 03 Mar 09, and will close at 1700 EDT on 10 Mar 2009. Unless the motion is withdrawn during the review period, the voting period will start immediately thereafter and will close at 1700 EDT on 17 Mar 2009.

Votes must be cast by ‘reply all’ to this email.

A vote in favour of the motion must indicate a clear ‘yes’ in the response. A vote against must indicate a clear ‘no’ in the response. A vote to abstain must indicate a clear ‘abstain’ in the response. Unclear responses will not be counted.

The latest vote received from any representative of a voting member before the close of the voting period will be counted.

The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).