Upcoming changes to public TLS client authentication certificates may affect Cisco users. Audit and update trust stores to ensure secure, uninterrupted services.

Cisco's platform provides networking knowledge, offering  guides, tutorials, and case studies on networking technologies, cybersecurity, and collaboration tools. Whether you're a networking novice looking to understand the basics of routing and switching or a seasoned IT professional seeking advanced insights into network architecture and security protocols, Cisco has resources tailored to your needs. Dive into Cisco's extensive library of resources to sharpen your networking skills and stay ahead in the rapidly evolving world of IT infrastructure.

Cisco

Public Certificate Authorities will stop issuing TLS certificates with both serverAuth and clientAuth Extended Key Usage (EKU) starting June 15, 2026, following Google Chrome's root store policy changes. Organizations using mutual TLS authentication need to audit their certificate trust stores and ensure they include the new Root CAs (like IdenTrust Public Sector Root CA 1 and DigiCert Assured ID Root G2) that will continue supporting clientAuth. Cisco provides publicly accessible Trusted Root Store bundles tailored for various services. Certificates issued before the deadline remain valid until expiration, and private PKI certificates are unaffected.

Changes to TLS clientAuth Certificates: Ensuring You’re Not Impacted

What is Extended Key Usage (EKU) and Why It Matters

Certificate Authority (CA) and EKU Mapping for Cisco Services

Understanding Trust Stores and Their Importance

How to Verify What Is in Your Trust Store