All Systems Operational

Updated a few seconds ago

Certificate Issuing Platforms

Operational

Certificate Lifecycle Management Platforms

Operational

Certificate Revocation Platforms

Operational

Certificate Transparency

Operational

Websites

Operational

Client Areas

Operational

Time Stamping

Operational

Scheduled Maintenance

Sectigo Announcement:: Upcoming removal of WHOIS-Based Domain Control!Planned Maintenance

Schedule

June 15, 2025 12:00AM - 12:00AM UTC

Components

Certificate Issuing Platforms

Locations

Public CA

Description

Sectigo Announcement: Recent vulnerabilities in the domain name WHOIS system (https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/) have highlighted the WHOIS-based domain-validation method as a weakness in the process of validating publicly-trusted digital certificates. As a result, a ballot has been proposed in the CA Browser Forum (CABF) requiring that WHOIS-listed email addresses are no longer acceptable for domain validation, nor can historic domain validations based on WHOIS email addresses be reused. This ballot aims to deprecate the WHOIS-based domain validation method. We are currently investigating the impact of this proposed change. If you use WHOIS-based domain validation methods, we recommend migrating to alternative methods as soon as possible. The proposed removal date has moved from November 1st, 2024 to July 3rd, 2025. Additional information can be found here: https://www.sectigo.com/whois-email-dcv-deprecation

July 8, 2025 9:47PM UTC
[Update] Update: All domains that were using WHOIS-based DCV have been removed from the backend database List as of today. Customers are now required to initiate a new DCV to avoid any service disruptions. Please ensure that any domains previously validated via WHOIS email are revalidated as soon as possible. If you have any questions or concerns, feel free to contact the Sectigo Support Team.
Upcoming Change: SHA-256 to be Used for New TLS Certificates Starting June 23Planned Maintenance

Schedule

June 23, 2025 1:00PM - 1:00PM UTC

Components

Certificate Issuing Platforms

Locations

Public CA

Description

We want to inform you about an upcoming change in the signature hash algorithm used for TLS certificates issued from our new CA hierarchy. Effective June 23, 2025, at 13:00 UTC, newly issued TLS certificates will be signed using the SHA-256 hashing algorithm. This reverses the recent move to SHA-384, based on issues identified in real-world deployments. As SHA-256 was the prior default, we do not anticipate disruptions. Need SHA-256 certificates before June 23? Please reach out to your support contact within Sectigo Looking ahead: In a future release, we plan to make SHA-384 an optional selection for customers wishing to test SHA-384 readiness. Additional development is required before this option will become available. We appreciate your understanding as we take proactive steps to maintain the highest reliability and compatibility of issued certificates. Sectigo Team.
Important Update: Deprecation of Client Authentication EKU from Sectigo SSL/TLS Certificates !Planned Maintenance

Schedule

October 14, 2025 12:00AM - 12:00AM UTC

Components

Certificate Issuing Platforms

Locations

Public CA

Description

Effective October 14, 2025 "Previously October 7th", Sectigo will no longer include Client Authentication (id-kp-clientAuth) in Extended Key Usage (EKU) for newly issued SSL/TLS certificates. This change aligns with updated industry requirements and best practices aimed at improving the security and purpose specificity of publicly trusted certificates. What is changing? For many years, SSL/TLS certificates have commonly included both Server Authentication and Client Authentication EKUs. Moving forward, the Client Authentication EKU will be deprecated in SSL/TLS certificates due to updated requirements from major Root Programs. Important dates Effective October 14, 2025 "Previously October 7th" : Sectigo will stop including the Client Authentication EKU in SSL/TLS certificates by default. Effective May 15, 2026: Sectigo will no longer include the Client Authentication EKU in any newly issued SSL/TLS certificates. What do your customers need to do? If they don't use Sectigo SSL/TLS certificates for mutual TLS (mTLS), server-to-server authentication, or other Client Authentication use cases, no action is required. If they are using SSL/TLS certificates for Client Authentication purposes, we recommend they evaluate alternative solutions as soon as possible. For most organizations, Private PKI offers the best path forward to support mTLS and similar use cases. Please contact a Sectigo sales representative to assist with planning and deploying a Private CA tailored to the environment. Need assistance? If you are unsure whether this change impacts your customers, or if you need guidance on migrating to alternative solutions, please contact us at clientauth@sectigo.com. Learn more For additional information, we have prepared a FAQ covering the deprecation timeline, impacted services, and alternative options: 🔗 https://www.sectigo.com/faq-client-authentication-eku-deprecation Thank you for your prompt attention to this important industry change.

October 6, 2025 8:58PM UTC
[Update] Reminder: Upcoming Changes to SSL/TLS Certificates: Sectigo is updating the timeline for the deprecation of the Client Authentication EKU (id-kp-clientAuth) from SSL/TLS certificates. Previously scheduled for October 7, 2025, this change will now take effect on October 14, 2025, giving customers additional time to assess and update usage as needed. Starting on this new date, newly issued, reissued, or renewed SSL/TLS certificates will no longer include the Client Authentication EKU. This change supports best practices by ensuring digital certificates are used only for their intended purpose. Customers relying on SSL/TLS certificates for mTLS, mutual authentication, or server-to-server authentication should review their environments and consider transitioning to a Private CA solution. For additional details and guidance, please refer to the following resources: FAQ: https://www.sectigo.com/faq-client-authentication-eku-deprecation Official Notification: https://www.sectigo.com/resource-library/deprecation-of-client-authentication-eku-from-sectigo-ssl-tls-certificates Status Update: https://sectigo.status.io/pages/maintenance/5938a0dbef3e6af26b001921/682e059f9d613005347bced8 Blog Post: https://www.sectigo.com/resource-library/tls-client-authentication-public-ca-end-2026
Scheduled Maintenance 23:59 UTC Sat 8th November 2025 to 02:00 UTC Sun 9th November 2025 Planned Maintenance

Schedule

November 8, 2025 11:59PM - November 9, 2025 2:00AM UTC

Components

Certificate Issuing Platforms, Certificate Lifecycle Management Platforms, Client Areas

Locations

Public CA, SCM (cert-manager.com), SCM (hard.cert-manager.com), secure.trust-provider.com, S3, secure.sectigo.com, SCM (eu.cert-manager.com), api.xolphin.com

Description

Sectigo Certificate Issuing Platform Scheduled Maintenance Saturday, November 8, 2025; 23:59 UTC. Sectigo Certificate Issuing Platform Scheduled Maintenance: • Minor Fixes • Minor Improvements We anticipate that our certificate issuing platform will be unavailable for up to 2 hours while we add this additional functionality to the system. Please contact your Sectigo support resource if you require additional information about this scheduled maintenance event.