OU Field to be deprecated for InCommon Certificates Starting July 1, 2022

Future SSL certificates will not include a value in the OU (organization unit) field.  Later, the OU field will be removed⁽¹⁾ entirely.  For the vast majority of us this change has no impact.

If you are utilizing InCommon SSL certificates⁽²⁾ for your web server or other purposes, and if you have automated processes that depend on the OU field value, please review your processes.

Key dates:

• Effective July 1st, 2022, newly issued InCommon certificates will have unused OU fields.  After July 1st, if your CSR (Certificate Signing Request) specifies a OU value, the resulting certificate will not include the value.

• Effective September 1st, 2022, the CA/B (Certificate Authority/Browser⁽³⁾) forum mandates that the OU field be unused and deprecated for all newly issued certificates.  InCommon certificates are issued by Sectigo. 

Footnotes:

⁽¹⁾ For more information on the Sectigo announcement:

   o <https://sectigo.com/knowledge-base/detail/FAQ-OU-Field-to-Be-Deprecated-in-Sectigo-Issued-Certificates-Starting-July-1st-2022/kA03l000000c4NP>

⁽²⁾ For more information on obtaining InCommon SSL certifications from ITS Site Licensing:

   o <https://www.hawaii.edu/sitelic/incommon/>

⁽³⁾ For more information on the CA/B forum:

   o <https://cabforum.org/>