AWS Security ChangesHomeSearch

AWS acm high security documentation change

Service: acm · 2025-07-25 · Security-related high

File: acm/latest/userguide/acm-concepts.md

Summary

Added notice about deprecation of 'clientAuth' EKU in certificates after June 2025

Security assessment

The change addresses a future compliance issue by announcing the deprecation of certificates with 'TLS Web Client Authentication' EKU. This proactively mitigates risks of certificate rejection by browsers, directly impacting security configurations.

Diff

diff --git a/acm/latest/userguide/acm-concepts.md b/acm/latest/userguide/acm-concepts.md
index 9e8209f44..f77138bf0 100644
--- a//acm/latest/userguide/acm-concepts.md
+++ b//acm/latest/userguide/acm-concepts.md
@@ -67,0 +68,4 @@ ACM generates X.509 version 3 certificates. Each is valid for 13 months (395 day
+###### Important
+
+Effective June 11, 2025 AWS Certificate Manager no longer issues certificates with the "TLS Web Client Authentication" (clientAuth) extended key usage (EKU) to align with new browser requirements for website certificates.
+