CA/Browser Forum – Standards

The CA/Browser Forum completed the Baseline Requirements in 2011 to be effective on July 1, 2012. The Baseline Requirements provide standards on the issuance and management of publicly-trusted SSL certificates.

Prior to the Baseline Certificates being issued the only standard for issuing SSL certificates was the Extended Validation (EV) guidelines also written by the CA/Browser Forum. The EV guidelines were dedicated to the new EV SSL certificates and did not address verification requirements of domain or organization validated SSL certificates.

The Baseline Requirements provides the minimum set of requirements that all CAs have to meet, if they are issuing publicly-trusted SSL certificates. This helps bring all the current CAs up to the same standard and provides a gauge for new CAs that want to enter the industry.

The Baseline Requirements have been addressed by the AICPA/CICA, which has issued a new set of audit criteria which each CA will be audited against on an annual basis.

The latest version of the Baseline Requirements can be found on the CA/Browser Forum documents page.