To align with evolving industry requirements, Sectigo will begin enforcing a maximum Code Signing certificate validity of 459 days starting February 23, 2026
Resource Library
Notifications
Important customer notifications involving our services and the platforms they run on.
Showing 1 to 12 of 13 notifications
Sectigo migrates to new single-purpose Root CAs by 2026; legacy roots lose browser trust by 2027 under new security policies.
To align with CA/B Forum compliance requirements and provide a margin of safety before the official September 15 enforcement deadline, Sectigo will transition to enforcement mode for Multi-Perspective Issuance Corroboration (MPIC) on September 13, 2025.
Sectigo is removing the Client Authentication Extended Key Usage (EKU) from newly issued publicly trusted SSL/TLS certificates. This change aligns with updated industry requirements and best practices to enhance the security and purpose specificity…
Sectigo is updating and enhancing Root CA certificates.
Sectigo is phasing out the use of Locality information in favor of State or Province information.
As of March 1, 2021 Sectigo will remove street address and zip/postal code information from all public certificates.
After a review of our operations and policies, Sectigo remains confident we can weather the expected outcomes of COVID-19 with no disruption to services.
This week Apple announced at the 49th CA/Browser Forum Face-to-Face that it will limit the term of accepted TLS certificates to 398 days as of September 1, 2020. Certificates issued on or after that date with term beyond 398 days will be distrusted…
The ability to cross-sign certificates with the AddTrust Legacy root is due to expire at the end of May 2020. Here's what you need to know.
This week Microsoft disclosed the existence of a critical vulnerability in how Windows operating systems validate ECC-based x.509 certificates and released patches for affected versions that are supported.
Sectigo recently announced that we will make a change to our issuance practices to remove “static” brand and hosting information from the OU fields of our Domain Validation (DV) certificates. These descriptors include the brand name of the…