Overview
InCommon has announced a major change to its certificate service, ending its long-standing relationship with Sectigo. This transition will impact organizations—particularly in higher education and healthcare—that rely on InCommon for publicly trusted TLS certificates.
As part of this shift, InCommon will move its certificate services to Certinext, a public Certificate Authority (CA) operated by eMudhra.
What’s changing
- Transition start date: April 7, 2026
- Full transition completion: July 17, 2026
- Post-transition state:
- Sectigo will no longer issue certificates through InCommon.
- All new certificates will be issued via Certinext.
- Existing certificates:
- Certificates issued before July 17, 2026 will remain valid through their standard lifecycle
(potentially into early 2027).
- Certificates issued before July 17, 2026 will remain valid through their standard lifecycle
Customer impact
Organizations using InCommon certificates via Sectigo integrations should be aware of the following:
- No new issuance via Sectigo
- Existing integrations will no longer support new certificate requests after the transition.
- Integration updates required
- Renewals and new enrollments will require integration with InCommon’s new Certinext
service.
- Renewals and new enrollments will require integration with InCommon’s new Certinext
- Risk of disruption
- Customers who do not update their integrations may experience:
- Failed certificate enrollments
- Renewal issues after the transition period
- Customers who do not update their integrations may experience:
- Industry-wide change
- This is not specific to Keyfactor.
- It reflects a broader shift in public CA partnerships impacting all platforms integrated
with InCommon via Sectigo.
How Keyfactor is responding
Keyfactor is actively preparing to support customers through this transition:
- Prioritizing support for Certinext to ensure continuity in certificate automation and lifecycle
management - Developing clear migration guidance and paths for customers currently using InCommon
with Sectigo - Engaging directly with customers (hosted and on-prem) to:
- Minimize disruption
- Prevent certificate expirations during the transition
Recommended actions
No immediate action is required if your current certificates remain valid. However, customers should begin preparing by:
- Reviewing current integrations
- Confirm whether your environment relies on InCommon/Sectigo
- Planning ahead
- Prepare for integration updates before the July 2026 cutoff
- Engaging Keyfactor
- Connect with your Keyfactor representative to:
- Understand your specific impact
- Align on timing and migration options
- Connect with your Keyfactor representative to:
What’s next
Keyfactor will continue to share updates as additional technical details and timelines become available. Our goal is to ensure a smooth transition with minimal impact to your certificate operations.
Articles in this section
- Industry update: InCommon certificate service transition
- Keyfactor Acquires InfoSec Global and CipherInsights to Accelerate Digital Trust & Crypto-Agility
- Q1 2025 KFU content update
- Important Notice: EJBCA - Potential CAA compliance issue
- Service outage announcement: Hosted environments impacted [Resolved] - July 19, 2024
- FAQs: Post-quantum cryptography
Add comment
Please sign in to leave a comment.