Skip to main content

Update the default EKU option selection for your public TLS certificate

From August 12, 2025, to May 1, 2026, CertCentral is providing two new extended key usage (EKU) options on the public TLS/SSL certificate request forms under Additional certificate options. For a limited time, you can set the default extended key usage (EKU) option on your public TLS/SSL certificate request forms.

Updating the default EKU setting isn’t required to include both EKUs in your public TLS certificate. However, it simplifies the process for those ordering certificates. The requester can use a default setting instead of trying to remember if they should include one or two EKUs in their certificate.

주의

IMPORTANT – Select “Save Settings” before leaving the TLS certificate’s Product Settings page

Before October 1, 2025, Server Authentication and Client Authentication is the system’s default EKU setting for all public TLS certificates. To keep this as your default EKU setting, you must select Save Settings before leaving the TLS certificate’s Product Settings page.

What happens if I don’t save my settings?

If you don’t save your settings, the system will automatically change the TLS certificate’s default EKU setting to Server Authentication on October 1, 2025. You’ll need to return to your TLS certificate’s Product Settings page and update the default EKU setting again.

Update your Basic OV certificate’s default EKU option selection

In these instructions, we’re updating the Basic OV product settings. This process applies to any public TLS certificate in your CertCentral account. In step three, make sure to select the public TLS certificate you want to update.

  1. In CertCentral, in the left main menu, go to Settings > Product Settings.

  2. On the Product Settings page, do the following to configure the scope of your product settings before updating your Basic OV product settings:

    1. Account wide or division specific

      If you didn’t enable product configuration per division, no action is needed. All product settings apply to the entire account.

      If you enabled product configuration per division, in the For menu, select the top-level division. Selecting the main or top-level division applies the product settings to all divisions in CertCentral.

      1. Account wide

        If you didn’t enable product configuration per division, no action is needed. All product settings apply to the entire account.

        If you enabled product configuration per division, in the For menu, select the top-level division. Selecting the main or top-level division applies the product settings to all divisions in CertCentral.

      2. Division specific

        1. Select Enable Product Configuration Per Division.

        2. In the For menu, select the division that you want the product settings to apply.

    2. All user roles or a specific user role

      1. All user roles

        To apply the product settings to all user roles, deselect Configure products by role.

      2. Specific user role

        1. To apply the product settings to a specific user role, select Configure products by role.

        2. In the Role column, select the role that you want the product settings to apply.

  3. In the Product column, select Basic OV.

  4. In the Product Settings column, under Basic OV, in the Default Extended Key Usage menu, select the EKU option to be selected by default on request forms:

    • Server Authentication and Client Authentication

    • Server Authentication

  5. When ready, go to the bottom of the page and select Save Settings.

What’s next

The next time someone requests a Basic OV certificate, your designated EKU option will be selected by default on the request form.

이 섹션의 내용: