X9 PKI for TLS certificate
Regulated by the ASC X9 standards body, DigiCert's X9 PKI for TLS certificate is governed by an independent certificate policy unaffiliated with the browsers, but that ensures interoperability by using a common root of trust.
The X9 PKI for TLS certificate is ideal for organizations relying on TLS certificates for host-to-host communications like mutual TLS (mTLS), APIs, and other non-web browser use cases.
Notice
The X9 PKI for TLS certificate is not available in all CertCentral accounts by default. To enable it for your account, contact your account representative or DigiCert Support.
Features
The X9 PKI for TLS certificate includes the following capabilities:
Includes server authentication and client authentication extended key usages (EKUs) by default. You can configure the certificate to include only one EKU (client or server authentication).
Includes the digital signature key usage with an option to include the key encipherment KU (RSA CSR) or key agreement KU (ECC CSR).
Secures up to 250 domains and IP addresses on one certificate. Only fully qualified domain names and IP addresses are supported. Wildcard domains are not supported.
Available in RSA and ECC algorithms. Supports RSA 2048, 3072, and 4096 key lengths and ECC p-256 and p-384 key lengths.
Notice
For the initial release of the X9 PKI for TLS certificate, DigiCert issues ECC certificates from RSA intermediate CA certificates.
Comes with unlimited free reissues and duplicates for the life of the certificate.
Meets Accredited Standards Committee X9 requirements and standards.
What's next
Request X9 PKI for TLS certificate to order an X9 PKI for TLS certificate in CertCentral