Webinar: Scaling Private PKI from Legacy Roots to Modern Workloads

Scaling Private PKI: What You Need to Know

Google is phasing out publicly trusted client authentication certificates, and the deadline is closer than you think. In this webinar, PKI veteran Jason Soroko from Sectigo breaks down what’s changing, what’s at risk, and how to get ahead of it.

Key takeaways from the webinaret:

There’s a deadline approaching
Google is removing client authentication EKU from publicly trusted certificates. The last date to issue these certificates through Sectigo will be February 10, 2027

More is affected than you’d expect.
VPNs, Wi-Fi auth, SSO, mutual TLS, and device/workload identity all rely on these certificates. Start with a full certificate inventory to understand your exposure.

Private CA is no longer a big project.
Modern private CAs can be deployed quickly and cost-effectively — giving you full control over profiles, lifecycle, and integrations without CA/B Forum constraints.

If you run Microsoft AD CS, you have options.
Augment it, run a hybrid model, or replace it entirely — the right path depends on your environment.

Dotkeeper is happy to guide you through what’s happening in the certificate landscape. Contact us today!

Watch the recording here: