CA/Browser Forum Baseline Requirements
Governs every TLS certificate you buy or provision via Let's Encrypt/ACM/Digicert. Understanding BR helps with cert errors, CAA records, and domain validation requirements.
What It Defines
Operational policy that all publicly trusted Certificate Authorities must follow to issue TLS certificates trusted by major browsers. Defines DV/OV/EV certificate types, validity periods, key requirements, and revocation.
Canonical (Normative)
Convenient (Practical)
Related References
Sets operational policy for publicly trusted TLS and S/MIME certificates. The Baseline Requirements are normative for all publicly trusted CAs and major browsers.
Related Specs
Every HTTPS connection, SMTP/IMAP over TLS, OAuth token exchange, and API call uses TLS. It is the foundational security layer.
The record types (A, MX, TXT, CNAME) you configure in every DNS panel live in this spec. Know what you're setting.