AnnouncementsIf you are a client of KeyBank APIs, look here to stay up to date on the latest changes, enhancements, and required maintenance tasks. These announcements are for information purposes only. If you have specific questions or concerns, please reach out to your Technical Account Manager.December 2025DigiCert changes for mTLS certificatesTo improve security with mTLS certification, DigiCert is removing the Client Authentication Extended Key Usage (EKU) from its public TLS certificates and moving to the Public Key Infrastructure (PKI). This change aligns with Google Chrome’s root program requirements, which mandate dedicated TLS hierarchies for better security and interoperability.To view the details and specifications from DigiCert, see Sunsetting Client Authentication EKU from DigiCert Public TLS Certificates. What do I need to doIf you use DigiCert mTLS certificates, you must transition to DigiCert's X9 PKI and set up a private PKI for internal authentication needs. We recommend reviewing your certificate enrollment settings now and proactively setting up your DigiCert certification.Deadline AwarenessOctober 1, 2025: DigiCert stops adding Client Authentication EKU by default.May 1, 2026: Client Authentication EKU removed from all new, renewed, or reissued public TLS certificates.