State in postalCode field of certificate - correct?

I’m looking at the certificate for “https://www.autopartswarehouse.com”, issued by Comodo, and see, under server identity,

ST=Pennsylvania
postalCode (OID 2 5 4 17)=PA 19047

Is the “PA” in the postalCode field intentional, or was that an error? Ordinarily, US state abbreviations do not appear in postal codes.

We’re working on something that checks SSL certs against other data sources, so we noticed this. If this is normal in Comodo-issued certificates, we’d like to know what to look for. Thanks.

John Nagle
SiteTruth

Hi,

The postal code PA 19047 is exactly how it was entered when the customer created the account.

If the customer had entered only 19047 then that is what we write into the certificate.

Postal codes vary worldwide, so accepting letters as well as number is required.

Hope this helps.

Garry

Interesting. Supposedly, according to the certification practice statement for “InstantSSL”, that information was either validated by a Comodo security officer against incorporation documents or verified against a business database. But a Comodo employee has now said that it’s not validated at all.

Hi,

The validation team do validate the Postalcode.

Having PA infront of it has no bearing on the validation.

PA 19047 or 19047 are both acceptable formats.

Garry