Fix incorrect info re certs

Rand McKinney · Rand McKinney · commit a8bb0a42065e · 2024-08-22T14:23:18.000-07:00
diff --git a/docs/getting-started.mdx b/docs/getting-started.mdx
@@ -108,13 +108,6 @@ The above list is for reference only; inclusion does not imply endorsement by CA
 
 When you purchase a certificate, you must select at least one of the extended key usage (EKU) fields that specify what the certificate can be used for: **email protection** and **document signing**. Applications that use the CAI SDK won't accept the certificate unless it has one of these EKUs.
 
-Certificate authorities offer many levels of validation. For Content Credentials, one of these types is highly recommended (though not required):
-
-- **Organization Validated (OV).** The CA validates the organization's identity by checking its credentials against extensive databases, including those held by local governments.
-- **Extended Validation (EV).** A fully authenticated certificate, needed to offer secure web locations, email, and financial transactions.
-
-If you don't get an OV certificate, then the Content Credentials that use the certificate won't display your organization name, as shown in the examples on [verify.contentauthenticity.org](https://verify.contentauthenticity.org/).
-
 ### Extracting the certificate
 
 To work with the certificate, you need to extract it. When the CAI SDK adds Content Credentials to an asset, it incorporates the certificate (including the associated public key) into the manifest.
diff --git a/docs/prod-cert.mdx b/docs/prod-cert.mdx
@@ -34,14 +34,9 @@ CAs offer a variety of different kinds of certificates (links below are to [Digi
 - The simplest and least expensive option is an [S/MIME email certificate](https://www.digicert.com/tls-ssl/compare-secure-email-smime-certificates).
 - Other options, such as [document signing certificate](https://www.digicert.com/signing/compare-document-signing-certificates) require more rigor (like proving your identity) and cost more.
 
-### CA validation
+### Organization name
 
-CAs offer many levels of validation. For Content Credentials, one of these types is highly recommended (though not required):
-
-- **Organization Validated (OV).** The CA validates the organization's identity by checking its credentials against extensive databases, including those held by local governments.
-- **Extended Validation (EV).** A fully authenticated certificate, needed to offer secure web locations, email, and financial transactions.
-
-If you don't get an OV certificate, then the C2PA [Verify tool](https://verify.contentauthenticity.org/) won't display your organization name in the Content Credentials.
+If you want the C2PA [Verify tool](https://verify.contentauthenticity.org/) to display your organization name in the Content Credentials, your certificate must include the "O" or [Organization Name attribute OID value: 2.5.4.10](https://www.alvestrand.no/objectid/2.5.4.10.html) in the Distinguished Name information. The CA may require some validation steps to prove you are part of that organization (details vary by CA).
 
 ## The C2PA Python example
 
