Update the default EKU option selection for your public TLS certificate
From August 12, 2025, to May 1, 2026, CertCentral is providing two new extended key usage (EKU) options on the public TLS/SSL certificate request forms under Additional certificate options. For a limited time, you can set the default extended key usage (EKU) option on your public TLS/SSL certificate request forms.
Updating the default EKU setting isn’t required to include both EKUs in your public TLS certificate. However, it simplifies the process for those ordering certificates. The requester can use a default setting instead of trying to remember if they should include one or two EKUs in their certificate.
주의
IMPORTANT – Select “Save Settings” before leaving the TLS certificate’s Product Settings page
Before October 1, 2025, Server Authentication and Client Authentication is the system’s default EKU setting for all public TLS certificates. To keep this as your default EKU setting, you must select Save Settings before leaving the TLS certificate’s Product Settings page.
What happens if I don’t save my settings?
If you don’t save your settings, the system will automatically change the TLS certificate’s default EKU setting to Server Authentication on October 1, 2025. You’ll need to return to your TLS certificate’s Product Settings page and update the default EKU setting again.
Update your Basic OV certificate’s default EKU option selection
In these instructions, we’re updating the Basic OV product settings. This process applies to any public TLS certificate in your CertCentral account. In step three, make sure to select the public TLS certificate you want to update.
In CertCentral, in the left main menu, go to Settings > Product Settings.
On the Product Settings page, do the following to configure the scope of your product settings before updating your Basic OV product settings:
Account wide or division specific
If you didn’t enable product configuration per division, no action is needed. All product settings apply to the entire account.
If you enabled product configuration per division, in the For menu, select the top-level division. Selecting the main or top-level division applies the product settings to all divisions in CertCentral.
Account wide
If you didn’t enable product configuration per division, no action is needed. All product settings apply to the entire account.
If you enabled product configuration per division, in the For menu, select the top-level division. Selecting the main or top-level division applies the product settings to all divisions in CertCentral.
Division specific
Select Enable Product Configuration Per Division.
In the For menu, select the division that you want the product settings to apply.
All user roles or a specific user role
All user roles
To apply the product settings to all user roles, deselect Configure products by role.
Specific user role
To apply the product settings to a specific user role, select Configure products by role.
In the Role column, select the role that you want the product settings to apply.
In the Product column, select Basic OV.
In the Product Settings column, under Basic OV, in the Default Extended Key Usage menu, select the EKU option to be selected by default on request forms:
Server Authentication and Client Authentication
Server Authentication
When ready, go to the bottom of the page and select Save Settings.
What’s next
The next time someone requests a Basic OV certificate, your designated EKU option will be selected by default on the request form.