top | item 46951788

(no title)

From https://letsencrypt.org/2025/05/14/ending-tls-client-authent...

"This change is prompted by changes to Google Chrome’s root program requirements, which impose a June 2026 deadline to split TLS Client and Server Authentication into separate PKIs. Many uses of client authentication are better served by a private certificate authority, and so Let’s Encrypt is discontinuing support for TLS Client Authentication ahead of this deadline."

TL;DR blame Google

discuss

bawolff|20 days ago

Google didn't force lets encrypt to totally get out of the client cert business, they just decided it wasn't worth the effort anymore.

nickf|20 days ago

Publicly-trusted client authentication does nothing. It's not a thing that should exist, or is needed.

everfrustrated|20 days ago

Feel free to start your own non-profit to issue client certs signed by a public authority.

As LE says, most users of client certs are doing mtls and so self-signed is fine.

josephcsible|20 days ago

> they just decided it wasn't worth the effort anymore

That seems disingenuous. Doesn't being in the client cert business now require a lot of extra effort that it didn't before, due entirely to Google's new rule?