Hi, On Thu, May 15, 2025 at 03:53:42PM -0700, James Renken via mailop wrote: > As a heads up, Google Chrome's root program is requiring TLS certificate > authorities to remove the "TLS Client Authentication" Extended Key Usage > (EKU) from certificates by June 2026. Let's Encrypt will stop including the > EKU by default on February 11, 2026.
So let's say someone *is* currently using Let's Encrypt certs as client certs for authenticating with their mail servers, and wants to change as little as possible. Do we know yet if any of the LE competitors that also use the ACME protocol (and are thus compatible with LE utilities like certbot, acme.sh and so on): a) support issuing certs with the Client Authentication EKU now, and; b) do not intend to follow LE's lead on disabling these? Thanks, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
