Chrome: New SSL Certificates Can’t Support Client Authentication Starting June 15, 2026

Google Chrome will no longer recognize the client authentication (ClientAuth) extended key usage (EKU) found in SSL/TLS certificates starting in June 2026, and CAs are rolling out changes to their certificates well ahead of the deadline

Google’s Chrome Root Store Policy (v1.6) update encourages CAs not to wait to shift to PKI hierarchies that support server authentication only

Google Chrome has announced that it will stop trusting public server certificates (SSL/TLS certificates) that support the client authentication extended key usage (clientAuth EKU) starting June 15, 2026.

This change won’t impact most users or websites (e.g., organizations that use SSL certificates for server authentication only). But if you’re using your SSL certificate for client authentication, you’ll need to make changes sooner rather than later.

But why is this change happening? And what does this removal of the clientAuth EKU from public SSL certificates mean for your organization?

Let’s hash it out.

The post Chrome: New SSL Certificates Can’t Support Client Authentication Starting June 15, 2026 appeared first on Hashed Out by The SSL Store™.

Article source: https://www.thesslstore.com/blog/chrome-ssl-certificate-client-authentication-ends-june-2026/