AWS acm high security documentation change
Summary
Added notice about deprecation of 'clientAuth' EKU in certificates after June 2025
Security assessment
The change addresses a future compliance issue by announcing the deprecation of certificates with 'TLS Web Client Authentication' EKU. This proactively mitigates risks of certificate rejection by browsers, directly impacting security configurations.
Diff
diff --git a/acm/latest/userguide/acm-concepts.md b/acm/latest/userguide/acm-concepts.md index 9e8209f44..f77138bf0 100644 --- a//acm/latest/userguide/acm-concepts.md +++ b//acm/latest/userguide/acm-concepts.md @@ -67,0 +68,4 @@ ACM generates X.509 version 3 certificates. Each is valid for 13 months (395 day +###### Important + +Effective June 11, 2025 AWS Certificate Manager no longer issues certificates with the "TLS Web Client Authentication" (clientAuth) extended key usage (EKU) to align with new browser requirements for website certificates. +