The timeline below is for changes by certificate authorities that Zoom is aware of. For timelines specific to your certificate authority, please contact the vendor for more information.
Google Chrome has announced that it will stop trusting public server certificates (SSL/TLS) that support client authentication extended key usage (EKU) beginning June 15, 2026. This impacts all publicly trusted TLS Certificate Authorities in use today, as all of them are currently in the Chrome Root store.
This change affects Zoom services, including Bring Your Own Carrier (BYOC) and devices utilizing SIP-connected audio, as well as Zoom services that utilize SSL/TLS certificates for client authentication. This article addresses common questions about these changes and the actions customers need to take.
| Date of change | Change |
|---|---|
| June 15, 2025 | Google Chrome will no longer trust new Intermediate Certificate Authorities (ICA) with both serverAuth and clientAuth (EKU). |
| Ocotober 7, 2025 | Sectigo will halt issuing SSL/TLS certificates with the clientAuth EKU by default. |
| October 1, 2025 | DigiCert will no longer include the clientAuth EKU by default in public SSL/TLS certificates. |
| May 1, 2026 | DigiCert will entirely remove the clientAuth EKU from public SSL/TLS certificate issuance. |
| May 13, 2026 | Let's Encrypt will stop issuing any certificates containing the clientAuth EKU. |
| May 15, 2026 | Sectigo will no longer issue any clientAuth EKU-containing certificates. |
| June 15, 2026 | Chrome will reject all public server certificates containing both serverAuth and clientAuth EKUs. |
Yes. Customers using mutual TLS (mTLS), where they communicate as a client and Zoom services serve as a server, should renew their certificates prior to when publicly trusted certificates with both client & server authentication are no longer available from Certificate Authorities. For example: Bring Your Own Carrier - Premises (BYOC-Premises).
Some major Certificate Authorities have announced they will stop issuing certificates with both client & server authentication by September 15, 2025. We recommend renewing these certificates before September 15, 2025, for a 1-year period. This will ensure that you and your partners have enough time to update trust stores.
If you have any questions or need assistance, please refer to our documentation for updating root certificates for Zoom services or contact our Support Team.