mastodon - Link to source

Dear #Letsencrypt, you helped secure millions and millions of servers, not just web servers. But your announcement at letsencrypt.org/2025/05/14/endā€¦ about ending Ending TLS Client Authentication Certificate Support in 2026 because Google changes their requirements would result in your certificates becoming a possible risk for ensuring SMTP traffic. Please think again. Please.

1/5

After this change is complete, only TLS Server Authentication will be available from Letā€™s Encrypt. This change is prompted by changes to Google Chromeā€™s root program requirements, which impose a June 2026 deadline to split TLS Client and Server Authentication into separate PKIs. Many uses of client authentication are better served by a private certificate authority, and so Letā€™s Encrypt is discontinuing support for TLS Client Authentication ahead of this deadline.

Ending TLS Client Authentication Certificate Support in 2026

Letā€™s Encrypt will no longer include the ā€œTLS Client Authenticationā€ Extended Key Usage (EKU) in our certificates beginning in 2026. Most users who use Letā€™s Encrypt to secure websites wonā€™t be affected and wonā€™t need to take any action.
letsencrypt.org
#letsencrypt
This entry was edited (4 months ago)

reshared this

ā‡§