In preparation for "Ending TLS Client Authentication Certificate Support in 2026"
https://letsencrypt.org/2025/05/14/ending-tls-client-authentication/
ClientAuth EKU should be dropped.
I will submit a PR that fully drops ClientAuth. I thought about making ClientAuth optional, but then one would need to handle situations where a leaf cert with ClientAuth is requested from a Root Cert that does not have it.
In preparation for "Ending TLS Client Authentication Certificate Support in 2026"
https://letsencrypt.org/2025/05/14/ending-tls-client-authentication/
ClientAuth EKU should be dropped.
I will submit a PR that fully drops ClientAuth. I thought about making ClientAuth optional, but then one would need to handle situations where a leaf cert with ClientAuth is requested from a Root Cert that does not have it.