Author Topic: State in postalCode field of certificate - correct?  (Read 8419 times)

nagle

  • Guest
State in postalCode field of certificate - correct?
« on: March 31, 2007, 02:32:32 AM »
I'm looking at the certificate for "https://www.autopartswarehouse.com", issued by Comodo, and see, under server identity,

ST=Pennsylvania
postalCode (OID 2 5 4 17)=PA 19047


Is the "PA" in the postalCode field intentional, or was that an error? Ordinarily, US state abbreviations do not appear in postal codes. 

We're working on something that checks SSL certs against other data sources, so we noticed this. If this is normal in Comodo-issued certificates, we'd like to know what to look for. Thanks.

John Nagle
SiteTruth

Offline garry

  • Retired Staff
  • Comodo's Hero
  • *****
  • Posts: 410
Re: State in postalCode field of certificate - correct?
« Reply #1 on: April 02, 2007, 06:05:44 AM »
Hi,

The postal code PA 19047 is exactly how it was entered when the customer created the account.

If the customer had entered only 19047 then that is what we write into the certificate.

Postal codes vary worldwide, so accepting letters as well as number is required.

Hope this helps.

Garry

nagle

  • Guest
Re: State in postalCode field of certificate - correct?
« Reply #2 on: April 03, 2007, 03:22:06 PM »
Interesting. Supposedly, according to the certification practice statement for "InstantSSL", that information was either validated by a Comodo security officer against incorporation documents or verified against a business database.  But a Comodo employee has now said that it's not validated at all.


Offline garry

  • Retired Staff
  • Comodo's Hero
  • *****
  • Posts: 410
Re: State in postalCode field of certificate - correct?
« Reply #3 on: April 04, 2007, 06:29:55 AM »
Hi,

The validation team do validate the Postalcode.

Having PA infront of it has no bearing on the validation.

PA 19047 or 19047 are both acceptable formats.

Garry

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek