Sectigo implements state-locality exclusivity for public SSL certificates

To help ensure high issuance quality while maintaining compliance with CA/Browser Forum guidelines, Sectigo is phasing out the use of Locality information in favor of State or Province information in our public Extended Validation (EV) and Organization Validation (OV) SSL / TLS certificates. Relevant guidelines require one of the two fields stateOrProvinceName or localityName be present. They do not require both.

Acceptable contents for stateOrProvinceName are well defined as Sectigo operates from a current list of government-established jurisdictions for every country for which we make certificates available. localityName, on the other hand, is extraordinarily vague. To ensure correct, compliant issuance and minimize the likelihood of a forced revocation event, for new certificates Sectigo is populating the stateOrProvinceName field rather than the localityName field. Per guidelines, Sectigo will continue to authenticate the full location, down to the street address, for all OV and EV certificate requests. Existing certificates are unaffected by this change.

This is a phased process, and it will take approximately two years to entirely implement. During that time you may continue to see active Sectigo certificates containing the localityName field.