Further Changes to Public TLS/SSL Certificates

In the last couple month there are a lot of things changing with TLS/SSL certificates, not just the lifespan change that starts March 15, 2026.
Also extensions like Client Authentication EKU are being removed from public TLS/SSL certs. Since December 2025 this extension is already no longer added by the CA’s anymore and
will be deprecated by 1st May 2026.
If you want you use this you need to use other pki certs like X9 PKI for TLS certificates ore Private PKI (Private CA) that gives you full control.
It basically means that TLS/SSL can only be used for server-to-server to authentication.

Some links to knowledge base

https://www.sectigo.com/faq-client-authentication-eku-deprecation

https://knowledge.digicert.com/alerts/sunsetting-client-authentication-eku-from-digicert-public-tls-certificates