Is Your Identity Verifiable? What the SC-87 Ballot Means for Your Certificates

The latest CA/Browser Forum ballot, SC‑87, introduces long‑needed clarity to how Certification Authorities record and validate an organization’s legal identity in TLS certificates, since SC‑ ballots apply to TLS/SSL certificates. This matters to the entire ecosystem—CAs, browsers, auditors, and relying parties—because accurate identity data is foundational to online trust.

What’s Changing?

Under SC‑87, Certification Authorities (CAs) will now be required to populate the serialNumber field with exactly the value they verified during identity vetting—either the official Registration Number or, when a jurisdiction does not provide one, a confirmed Date of Formation using a canonical date format (mandatory by June 15, 2027).

Changes apply across all entity types—Private, Government, Business, and Non‑Commercial—and clearly define how to handle cases where registration numbers don’t exist or cannot be verified. For example:

• Government Entities may use standardized phrases like “Government Entity” if no verifiable date exists.
• Non‑Commercial Entity Subjects must use “Non‑Commercial Entity” in similar cases.

Additionally, CAs must continuously validate Registration Numbers against their published, acceptable formats, closing historical gaps and eliminating outdated qualifiers.

Why It Matters for the Community

1. Greater Transparency for Relying Parties

Organizations, browsers, and auditors will see clearer, more standardized identity fields, reducing ambiguity and strengthening legal traceability.

2. Reduced Risk of Identity Misrepresentation

By requiring precise match‑back to vetted data, the chance of malformed or misleading identity fields drops significantly.

3. Better International Compatibility

The shift to a canonical Date of Formation and removal of legacy terminology improves cross‑jurisdictional alignment—critical as certificate consumers increasingly operate across borders.

4. Stronger Future Governance

By setting a mid‑2027 enforcement date for canonical formats, the ballot gives CAs time to update tooling and Registration Authority processes while preparing the ecosystem for a more predictable and reliable identity framework.

The Bottom Line

SC‑87 is a strategic step forward for identity accuracy in TLS certificates.
For the broader security and PKI community, the impact is clear: improved data quality, reduced room for interpretation, and a stronger foundation for trust on the public internet.