The Certificate Authority/Browser Forum, or CA/B Forum, is a voluntary group of Certificate Authorities (CAs) (e.g. Entrust, DigiCert, GlobalSign), Internet browser vendors (e.g. Google Chrome, Apple Safari, Mozilla Firefox) and other applications that defines industry standards and best practices for the Certificate Authority (CA) industry and website security. The CA/B Forum began in 2005, aiming to provide greater assurance to internet users and to promote secure connections between users and websites by leveraging SSL/TLS certificates.
There are now several dedicated “working groups” (WGs) within the CA/B Forum, each with a different focus area, including the Server Certificate WG, Code Signing Certificate WG, S/MIME Certificate WG and Network Security WG. Today, with more than 60 members worldwide, the CA/B Forum continues to collaboratively set guidelines for issuing and managing public-facing digital certificates and for heightening overall security for internet transactions.
The CA/B Forum sets technical standards and procedures, called Baseline Requirements, that all public CAs must adhere to in order to issue publicly trusted digital certificates. Public CAs must undergo regular audits to ensure they comply with the Baseline Requirements, and the audit results are shared with the browsers. Furthermore, public CAs must take action to remediate failed or non-compliant audit findings, often through certificate revocations.
Currently, there are two separate sets of Baseline Requirements: one for SSL/TLS Server Certificates and one for Code Signing Certificates. The CA/B Forum is looking to release and implement new S/MIME Baseline Requirements in Q3 of 2023, which would provide the first-ever industry-wide standards for public S/MIME (or Secure Email) Certificates.
It’s important to note that Baseline Requirements are dynamic and continue to be modified as the industry evolves. The forum can revise an existing Baseline Requirement or propose a new standard through a balloting and voting process. Recently passed ballots, including their effective dates, can be found on the CA/B Forum website, such as the Server Certificate ballots for TLS/SSL Certificates and the Code Signing ballots.