What’s Changing? Google is updating its Chrome Root Store Policy (v1.6) so that publicly‑trusted SSL/TLS certificates issued on or after June 15, 2026, can only include the serverAuth extended key usage (EKU). Certificates that also include clientAuth (used for client authentication in mutual TLS) will no longer be trusted by Chrome Key Dates to Know DateRequirementJune 15, 2025Chrome Root Store stops accepting new intermediate CAs that combine serverAuth + clientAuth .Sept 15, 2025Recommended deadline for CAs to shift to dedicated server-auth PKI hierarchies .June 15, 2026All new public SSL certs must include only serverAuth; legacy certs remain valid until they expire . Why This Matters Browser Security & Trust: Separating server and client authentication in certificate chains enhances trust and reduces security risks CA Industry Alignment: Major CAs like DigiCert,…

Streamlining the Domain Validation Processes for Efficiency Navigating the domain validation process during an SSL certificate enrollment can be challenging due to unexpected obstacles. This comprehensive guide offers effective troubleshooting strategies to ensure a seamless and efficient validation process. Whether facing email verification issues or DNS configuration problems, these tips will help you overcome common snags and streamline your domain validation efforts. Possible Email Issues WHOISThe Certification Authority may use for DCV the email address reported in whois for the domain that will be covered by the requested SSL certificate.If the WHOIS record is private or has a masked email, it will be not easy to trace where a DCV email has been sent.Depending on the host, users may be able to forward masked WHOIS emails to a real inbox.…