Discover our comprehensive collection of SSL Certificate Articles to seamlessly enable HTTPS on your website. Learn how to quickly secure your site, gain visitor trust, and improve your search rankings with our expert tips and easy-to-follow guides.
The dual-EKU TLS certificate removal ends the longstanding practice of issuing a single public certificate with both Server Authentication and Client Authentication extended key usages. From mid-2026, public CAs will only issue certificates containing the serverAuth...
A DNS CAA record is a DNS resource record that lets domain owners specify which Certificate Authorities are authorized to issue SSL/TLS certificates for their domain. Every CA must check this record before issuing a certificate. Any CA not listed in the record must...
Multi-Perspective Issuance Corroboration (MPIC) is a certificate issuance security standard that requires Certificate Authorities to verify domain ownership from multiple, geographically separate network locations before issuing an SSL/TLS certificate. Instead of a...
SSL certificate outages occur when a browser cannot verify a site's TLS/SSL certificate, causing it to block access and display a security warning instead. The certificate may have expired, been misconfigured, revoked, or installed with an incomplete chain. When any...
Certificate Transparency (CT) logs are publicly accessible, append-only records that document every SSL/TLS certificate issued by participating Certificate Authorities. When a CA issues a certificate, it must submit that certificate to at least one CT log before...
Google Chrome Root Store Policy version 1.6, published on February 15, 2025, introduced sweeping changes that affect every public Certificate Authority trusted by Chrome and, by extension, every website relying on their certificates. The policy phases out...
OCSP stapling is a TLS extension that lets your server deliver a pre-fetched, CA-signed certificate revocation status directly to connecting clients during the handshake - removing the need for browsers to make a separate request to the Certificate Authority's OCSP...
BIMI (Brand Indicators for Message Identification) and Verified Mark Certificates (VMCs) work together to display your trademarked logo directly in email inboxes - turning your brand identity into a visible trust signal before recipients open a single message. A VMC...
Starting March 15, 2026, the CA/Browser Forum voted to reduce maximum SSL/TLS certificate validity from 398 days to 200 days - and the reduction doesn't stop there. Under the approved ballot SC-081, the limit drops further to 100 days in 2027, then to 47 days in 2029....
The Sectigo Public Root CA migration requires all active SSL/TLS certificates chaining to Sectigo's older AddTrust External CA Root and USERTrust RSA roots to be reissued under the newer Sectigo root hierarchy before browser and OS trust stores complete their...