Certificate Authorities must abide by government-mandated sanctions (commonly referred to as Foreign Sanctions Evaders List (OFAC) sanctions) against governments and regimes. In abiding to sanctions, TLS/SSL certificates cannot be issued to countries that are restricted. The following table provides a list of certificate providers, and the list of banned or embargoes countries which cannot be issued a certificate.
If a country is on this list that is not currently under government sanctions, the certificate provider may have other reasons for not doing business with that country.
Banned Countries by Certificate Authority Provider
| Provider | Banned / Embargoes Countries | Notes |
|---|---|---|
| DigiCert | Cuba Iran Korea, Democratic People’s Rep. (North Korea) Syria (Syrian Arab Republic) | In response to the Russian invasion of Ukraine, Digicert has restricted business with Russia and Belarus. Digicert is prohibited from issuing certificates for entities classified as being associated with the Government of Venezuela. |
| Entrust | Afghanistan Belarus Central African Republic Côte d’Ivoire Cuba Democratic Republic of Congo North Korea Eritrea Guinea Guinea-Bissau Iran Iraq Lebanon Libya Liberia Myanmar Pakistan Russia (Russian Federation) Somalia South Sudan Syria (Syrian Arab Republic) Sudan Tunisia Ukraine Yemen Zimbabwe | |
| IdenTrust | Belarus Democratic Republic of Congo Cuba Iran, Islamic Republic of Iraq North Korea Lebanon Libya Myanmar Russia (Russian Federation) Somalia Sudan Syria (Syrian Arab Republic) Ukraine Venezuela Yemen Zimbabwe | |
| Sectigo / Comodo | Afghanistan Belarus Cuba Eritrea Guinea Iran Liberia North Korea Russia (Russian Federation) South Sudan Syria (Syrian Arab Republic) Zimbabwe | |
| Let’s Encrypt | Cuba Iran North Korea Sudan Syria (Syrian Arab Republic) | |
| GoDaddy | Cuba Iran North Korea Russia Sudan Syria (Syrian Arab Republic) | |
| Last Updated: November 6, 2022 |
Why is a country banned from issuing a SSL/TLS Certificate?
Usually, it is because the country is experiencing a period of political unrest and the security of information traveling in and out may be compromised by the government or an outside entity. For the potentially restricted countries – there can be a variety of reasons, one of them being that the company issuing you the SSL certificate could infringe a trade agreement by engaging in business with a website located in one of the restricted countries. For countries like Belarus, web censorship is present and can affect security of SSL certificates in the region. (Read more.)
