{"copy":"Copy","expand":"Expand","collapse":"Collapse","copy_success":"Copied!","copy_error":"Copying failed!"}
DigiCert to End Support for Client Authentication in TLS Certificates
DigiCert announced the end of support for Client Authentication EKU in public TLS certificates. The change will not affect regular HTTPS certificates but will impact features like Mutual TLS (mTLS) and server-to-server authentication.
Deadlines for Ending Client Authentication EKU
- October 1, 2025: EKU will not be included by default, but can be manually chosen.
- May 1, 2026: EKU will not be available at all, even for renewal or duplication of certificates.
How to Obtain Client Authentication?
DigiCert recommends transitioning to X9 PKI, utilizing private PKI services or managing certificates through Trust Lifecycle Manager.
