Skip to main content
Splunk Lantern is a nominee for Knowledge Innovation and Knowledge Management in the CXOne Customer Recognition Awards. Click here to vote for us!
Lantern Home

 

Splunk Lantern

Updating server and client certificates to comply with industry-wide certificate changes

  1. Last updated
  2. Save as PDF

Splunk Enterprise and Splunk Cloud Platform customers will be affected by two upcoming industry-wide security certificate changes. These changes are not specific to Splunk products, and other products you use might also be impacted. You will need to take action to ensure you are not impacted. 

Extended Key Usage (EKU) changes

Beginning in May of 2026, several third-party certificate authorities (CAs) will no longer issue public Transport Layer Security (TLS) server certificates with both the "Client Auth" and "Server Auth" EKU extensions. These changes affect the issuance of new certificates as well as renewed, re-issued, or duplicate certificates. In addition, Google Chrome will stop accepting security certificates that include the "Client Auth" EKU extension. The changes are in line with industry standards to improve overall security by separating certificate usages and maintain compliance with directives from browser vendors such as the Google Chrome Root Program.

This change means that you need to update certificates provided by public CAs that include both server and client authentication EKU extensions before May 2026 if your organization relies on Google Chrome. Even if you are not using Google Chrome, you should consider making this change proactively.

You should reach out to your CA vendor and work with them on the update process. If you are using a private CA, you might need to review the process for issuing certificates that only include server authentication in EKU. If certificates based on a private CA are deployed in a workflow that does not involve Google Chrome (for example mTLS for S2S or KVStore), then you are not yet required to update these certificates.

You can find more information about this change at Splunk Help.

Certificate duration changes

Beginning from March 15th 2026 and continuing through 2029, the industry-standard maximum time lifespan for security certificates will progressively reduce in order to improve security. The schedule for this reduction is: 

  • March 15th 2026: 200 days maximum lifespan
  • March 15th 2027: 100 days maximum lifespan
  • March 15th 2029: 47 days maximum lifespan

Existing certificates with different durations will continue to work, but when you renew certificates, you will need to move to a maximum of the durations listed above.

You can find more information about this change here.