[TLS] Re: TLS Client Certificates; a survey

Mon, 23 Mar 2026 22:19:14 -0700

I need to use mTLS for client auth with Financial Institutions. They've now switched to X9 PKI[0], needed to add the X9 PKI root to my application's trust store, otherwise not too bad. The traditional CA client certs I'm using are still valid for clientAuth, but probably would need to switch to X9 PKI once they expire.
Sidenote: Google's influence is kinda crazy in this regard; they just said Chrome would not accept these anymore, and all the CAs immediately dropped clientAuth. Scary. 

Regards,
Raghu Saxena

[0] https://www.digicert.com/campaigns/asc-x9

On 3/23/26 10:33 PM, Salz, Rich wrote:

Since WebPKI CA’s will not be able to issue TLS-Client certificates, 
what are the customers and CAs thinking of doing?



Replies to be will be summarized to both lists. Please be careful if 
you use reply-all.



_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]



Attachment:
OpenPGP_signature.asc

Description: OpenPGP digital signature


_______________________________________________
TLS mailing list -- [email protected]
To unsubscribe send an email to [email protected]























					Reply via email to