We’re writing to remind you of an upcoming change to Sectigo SSL/TLS certificates that may affect how you use them. This change was previously communicated with an effective date of October 7, 2025, but has now been deferred to October 14, 2025 to give customers additional time to prepare.
Starting October 14, newly issued SSL/TLS certificates will no longer include the Client Authentication function EKU (also known as id-kp-clientAuth). This industry-wide change is part of a broader effort to improve security and clarify certificate usage.
WHAT DOES THIS MEAN FOR YOU?
If you use SSL/TLS certificates only to secure websites (HTTPS), no action is required.
If you use certificates for mutual authentication, mTLS, or server-to-server authentication, you may be affected and should review your usage.
WHEN IS THIS HAPPENING?
- October 14, 2025 – New, renewed, and reissued SSL/TLS certificates will no longer include Client Authentication.
- May 15, 2026 – This change becomes permanent for all newly issued SSL/TLS certificates. No exceptions will be granted after this date.
WHAT TO DO NEXT
- If you’re unsure whether this impacts you, we recommend checking your use of SSL/TLS certificates or consulting your IT administrator.
- If your certificates are not used for mutual TLS (mTLS), server-to-server authentication, or other client authentication purposes, no action is needed.
- If mutual authentication is in use, you may need to migrate to a Private Certificate Authority (Private CA) solution.
Senaste kommentarer