The End of ClientAuth EKU…Oh Mercy…What to do?

If you’ve spent any time recently monitoring the cryptography and/or Public Key Infrastructure (PKI) spaces…beyond that ever-present “Post Quantum” thing, you may have read that starting in May of 20...
Published Dec 04, 2025
Version 1.0
certficate
EKU
PKI
security
ssl
tls
TimRiker's avatar
TimRiker
Icon for Cirrocumulus rankCirrocumulus
Feb 11, 2026

From what I can see, LTM, and device trust replication appears unaffected. Is this true? I did not see any replication errors for those.

I'm not sure what GTM is doing differently to trigger this, but if LTM still works without a client EKU, I'd suggest GTM should do whatever LTM does.

The other alternative is to have a separate root trust for client certificates and stop re-using the httpd management and REST server certificate in a client context.

In any case, I would hope for an automated way to update all certificates every 30 days before 2029.