To align with evolving industry requirements, Sectigo will begin enforcing a maximum TLS certificate validity of 199 days starting March 12, 2026. In addition, as of March 12, 2026 the Domain Control Validation (DV) reuse period will be restricted to 198 days.
Resource Library
Notifications
Important customer notifications involving our services and the platforms they run on.
Showing 1 to 12 of 14 notifications
To align with evolving industry requirements, Sectigo will begin enforcing a maximum Code Signing certificate validity of 459 days starting February 23, 2026
Sectigo migrates to new single-purpose Root CAs by 2026; legacy roots lose browser trust by 2027 under new security policies.
To align with CA/B Forum compliance requirements and provide a margin of safety before the official September 15 enforcement deadline, Sectigo will transition to enforcement mode for Multi-Perspective Issuance Corroboration (MPIC) on September 13, 2025.
Sectigo is removing the Client Authentication Extended Key Usage (EKU) from newly issued publicly trusted SSL/TLS certificates. This change aligns with updated industry requirements and best practices to enhance the security and purpose specificity…
Sectigo is updating and enhancing Root CA certificates.
Sectigo is phasing out the use of Locality information in favor of State or Province information.
As of March 1, 2021 Sectigo will remove street address and zip/postal code information from all public certificates.
After a review of our operations and policies, Sectigo remains confident we can weather the expected outcomes of COVID-19 with no disruption to services.
This week Apple announced at the 49th CA/Browser Forum Face-to-Face that it will limit the term of accepted TLS certificates to 398 days as of September 1, 2020. Certificates issued on or after that date with term beyond 398 days will be distrusted…
The ability to cross-sign certificates with the AddTrust Legacy root is due to expire at the end of May 2020. Here's what you need to know.
This week Microsoft disclosed the existence of a critical vulnerability in how Windows operating systems validate ECC-based x.509 certificates and released patches for affected versions that are supported.