CA/Browser Forum
Home » All CA/Browser Forum Posts » Welcome to the CA/Browser Forum

Welcome to the CA/Browser Forum

Welcome to the CA/Browser Forum. Organized in 2005, we are a voluntary group of certification authorities (CAs), vendors of Internet browser software, and suppliers of other applications that use X.509 v.3 digital certificates for SSL/TLS and code signing.

The CA/Browser Forum began in 2005 as part of an effort among certification authorities and browser software vendors to provide greater assurance to Internet users about the websites they visit by leveraging the capabilities of SSL/TLS certificates. In June 2007, the CA/Browser Forum adopted version 1.0 of the Extended Validation (EV) Guidelines. EV certificates are issued after extended steps to verify the identity of the entity behind the domain receiving the certificate. Internet browser software displays enhanced indication of that identity by changing the appearance of its display (i.e. colors, icons, animation, and/or additional website information).

Following the publication of version 1.0 of the EV Guidelines, the CA/Browser Forum has continued working to improve the online security of Internet users. The Forum adopted EV Guidelines for issuing code signing certificates, and in 2011 adopted the Baseline Requirements for the Issuance and Management of Publicly-Trusted SSL/TLS Certificates to improve accreditation and approval schemes for all applicants who request that their self-signed root certificates be embedded as trust anchors in software and to extend common standards for issuing SSL/TLS certificates beyond EV to include all Domain-validated (DV) and Organization-Validated (OV) certificates. The Forum also adopted a set of “Network and Certificate System Security Requirements” applicable to all publicly trusted CAs with the intent that all such CAs and Delegated Third Parties be audited for conformity once they have been incorporated as mandatory requirements (if not already mandatory requirements) in browser root programs or existing audit criteria. Currently, the CA/Browser Forum continues work on Internet security issues such as the distribution of digitally signed code, revocation/certificate-validity checking, the domain name system, and other issues of common interest to CAs, Internet software providers, website owners, and Internet users.

Latest releases
Code Signing Requirements
v3.8 - Aug 5, 2024

What’s Changed CSC-25: Import EV Guidelines to CS Baseline Requirements by @dzacharo in https://github.com/cabforum/code-signing/pull/38 Full Changelog: https://github.com/cabforum/code-signing/compare/v3.7...v3.8

S/MIME Requirements
v1.0.6 - Ballot SMC08 - Aug 29, 2024

This ballot sets a date by which issuance of certificates following the Legacy generation profiles must cease. It also includes the following minor updates: Pins the domain validation procedures to v 2.0.5 of the TLS Baseline Requirements while the ballot activity for multi-perspective validation is concluded, and the SMCWG determines its corresponding course of action; Updates the reference for SmtpUTF8Mailbox from RFC 8398 to RFC 9598; and Small text corrections in the Reference section

Network and Certificate System Security Requirements
v2.0 - Ballot NS-003 - Jun 26, 2024

Ballot NS-003: Restructure the NCSSRs in https://github.com/cabforum/netsec/pull/35

Tags
Edit this page
The Certification Authority Browser Forum (CA/Browser Forum) is a voluntary gathering of Certificate Issuers and suppliers of Internet browser software and other applications that use certificates (Certificate Consumers).