Countries Banned From Obtaining TLS/SSL Certificates

Certificate Authorities must abide by government-mandated sanctions (commonly referred to as Foreign Sanctions Evaders List (OFAC) sanctions) against governments and regimes. In abiding to sanctions, TLS/SSL certificates cannot be issued to countries that are restricted. The following table provides a list of certificate providers, and the list of banned or embargoes countries which cannot be issued a certificate.

If a country is on this list that is not currently under government sanctions, the certificate provider may have other reasons for not doing business with that country.

Banned Countries by Certificate Authority Provider

ProviderBanned / Embargoes CountriesNotes
DigiCert Cuba
Iran
Korea, Democratic People’s Rep. (North Korea)
Syria (Syrian Arab Republic)
In response to the Russian invasion of Ukraine, Digicert has restricted business with Russia and Belarus. Digicert is prohibited from issuing certificates for entities classified as being associated with the Government of Venezuela.
EntrustAfghanistan
Belarus
Central African Republic
Côte d’Ivoire
Cuba
Democratic Republic of Congo
North Korea
Eritrea
Guinea
Guinea-Bissau
Iran
Iraq
Lebanon
Libya
Liberia
Myanmar
Pakistan
Russia (Russian Federation)
Somalia
South Sudan
Syria (Syrian Arab Republic)
Sudan
Tunisia
Ukraine
Yemen
Zimbabwe
IdenTrustBelarus
Democratic Republic of Congo
Cuba
Iran, Islamic Republic of
Iraq
North Korea
Lebanon
Libya
Myanmar
Russia (Russian Federation)
Somalia
Sudan
Syria (Syrian Arab Republic)
Ukraine
Venezuela
Yemen
Zimbabwe
Sectigo / ComodoAfghanistan
Belarus
Cuba
Eritrea
Guinea
Iran
Liberia
North Korea
Russia (Russian Federation)
South Sudan
Syria (Syrian Arab Republic)
Zimbabwe
Let’s EncryptCuba
Iran
North Korea
Sudan
Syria (Syrian Arab Republic)
GoDaddyCuba
Iran
North Korea
Russia
Sudan
Syria (Syrian Arab Republic)
Last Updated: November 6, 2022
Table of Certificate Authorities and the countries that are banned from obtaining a TLS/SSL server certificate.
world map showing the list of banned and restricted countries from obtaining SSL/TLS certificates

Why is a country banned from issuing a SSL/TLS Certificate?

Usually, it is because the country is experiencing a period of political unrest and the security of information traveling in and out may be compromised by the government or an outside entity. For the potentially restricted countries – there can be a variety of reasons, one of them being that the company issuing you the SSL certificate could infringe a trade agreement by engaging in business with a website located in one of the restricted countries. For countries like Belarus, web censorship is present and can affect security of SSL certificates in the region. (Read more.)

Leave a Comment