May\u0131s 2026’dan itibaren, Let’s Encrypt, DigiCert, Sectigo gibi t\u00fcm b\u00fcy\u00fck public sertifika otoriteleri, TLS client authentication i\u00e7in sertifika imzalamay\u0131 durduracak. Bu de\u011fi\u015fiklik, Google Chrome’un yeni k\u00f6k program gereksinimlerinden kaynaklan\u0131yor ve sekt\u00f6r genelinde zorunlu bir ge\u00e7i\u015fi tetikliyor.<\/p>\n\n\n\n
2025 Ekim:<\/strong> \u00c7o\u011fu CA, varsay\u0131lan olarak client authentication EKU’sunu kald\u0131rmaya ba\u015flayacak Etkilenmiyorsunuz<\/strong><\/p>\n\n\n\n Sertifikalar\u0131n\u0131z\u0131 sadece web sitelerini g\u00fcvenli hale getirmek (HTTPS) i\u00e7in kullan\u0131yorsan\u0131z, hi\u00e7bir \u015fey yapman\u0131za gerek yok.<\/p>\n\n\n\n Dikkat: Bu Senaryolardan Biri Varsa<\/strong><\/p>\n\n\n\n Public CA’lardan al\u0131nan ve client authentication i\u00e7in kullan\u0131lan her sertifika, 2026’dan sonra yenilenemeyecek.<\/p>\n\n\n\n Art\u0131k client authentication i\u00e7in tek ge\u00e7erli \u00e7\u00f6z\u00fcm, organizasyonlar\u0131n kendi private PKI altyap\u0131lar\u0131n\u0131 kurmas\u0131. \u0130yi haber \u015fu ki, modern ara\u00e7lar sayesinde bu ge\u00e7i\u015f eskisi kadar karma\u015f\u0131k de\u011fil.<\/p>\n\n\n\n Private PKI’n\u0131n Avantajlar\u0131<\/strong><\/p>\n\n\n\n 1. Sertifika Envanteri<\/strong><\/p>\n\n\n\n \u0130lk ad\u0131m, mevcut durumu anlamak. Hangi sertifikalar\u0131n client authentication i\u00e7in kullan\u0131ld\u0131\u011f\u0131n\u0131, hangi sistemlerin etkilenece\u011fini ve \u00f6ncelik s\u0131ralamas\u0131n\u0131 belirlemek kritik.<\/p>\n\n\n\n 2. Private CA Altyap\u0131s\u0131<\/strong><\/p>\n\n\n\n Modern \u00e7\u00f6z\u00fcmler, root CA ve intermediate CA hiyerar\u015fisi kurman\u0131z\u0131, farkl\u0131 kullan\u0131m durumlar\u0131 i\u00e7in \u00f6zel sertifika profilleri olu\u015fturman\u0131z\u0131 ve ACME, EST, SCEP gibi standart protokollerle entegrasyon yapman\u0131z\u0131 sa\u011fl\u0131yor.<\/p>\n\n\n\n 3. Certificate Lifecycle Management (CLM)<\/strong><\/p>\n\n\n\n Artan sertifika say\u0131s\u0131 ve daha s\u0131k renewal gereksinimleri g\u00f6z \u00f6n\u00fcne al\u0131nd\u0131\u011f\u0131nda, manuel y\u00f6netim art\u0131k s\u00fcrd\u00fcr\u00fclebilir de\u011fil. Ba\u015far\u0131l\u0131 bir ge\u00e7i\u015f i\u00e7in ihtiya\u00e7 duydu\u011funuz yetenekler:<\/p>\n\n\n\n A\u015fama 1: De\u011ferlendirme (Hemen)<\/strong><\/p>\n\n\n\n A\u015fama 2: Pilot (2025 Q4)<\/strong><\/p>\n\n\n\n A\u015fama 3: \u00dcretim Ge\u00e7i\u015fi (2026 Q1-Q2)<\/strong><\/p>\n\n\n\n Must-have \u00d6zellikler<\/strong><\/p>\n\n\n\n Se\u00e7ece\u011finiz platformun mutlaka sunmas\u0131 gerekenler:<\/p>\n\n\n\n Entegrasyon Ekosistemi<\/strong><\/p>\n\n\n\n Platform, mevcut altyap\u0131n\u0131zla uyumlu olmal\u0131:<\/p>\n\n\n\n G\u00fcvenlik<\/strong><\/p>\n\n\n\n Otomasyon<\/strong><\/p>\n\n\n\n Organizasyon<\/strong><\/p>\n\n\n\n Public CA’lar\u0131n 2026’da client authentication deste\u011fini sonland\u0131rmas\u0131, sadece bir politika de\u011fi\u015fikli\u011fi de\u011fil – organizasyonlar\u0131 daha kontroll\u00fc ve g\u00fcvenli bir PKI modeline ge\u00e7meye zorlayan yap\u0131sal bir d\u00f6n\u00fc\u015f\u00fcm.<\/p>\n\n\n\n Son uyar\u0131:<\/strong> May\u0131s 2026’dan sonra public CA’lardan client authentication sertifikas\u0131 almak imkans\u0131z hale gelecek. S\u00fcrprizlerle kar\u015f\u0131la\u015fmamak i\u00e7in ge\u00e7i\u015f plan\u0131n\u0131z\u0131 bug\u00fcn olu\u015fturun.<\/p>\n\n\n\n Modern CLM platformlar\u0131, bu ge\u00e7i\u015fi hem kolay hem de de\u011fer yaratan bir f\u0131rsata d\u00f6n\u00fc\u015ft\u00fcrebilir. Do\u011fru ara\u00e7 se\u00e7imi ve iyi bir planlama ile, bu zorunlu ge\u00e7i\u015f organizasyonunuz i\u00e7in uzun vadeli bir kazan\u0131ma d\u00f6n\u00fc\u015fecektir.<\/p>\n\n\n\n SecTrail CM, sertifika ya\u015fam d\u00f6ng\u00fcs\u00fc y\u00f6netimi i\u00e7in kapsaml\u0131 bir platform sunuyor. Sertifika envanteri \u00e7\u0131karma, otomasyondan, hedef sistemlere sertifika da\u011f\u0131t\u0131m\u0131na kadar t\u00fcm s\u00fcre\u00e7lerde destek sa\u011fl\u0131yoruz. Daha fazla bilgi i\u00e7in bizlere ula\u015f\u0131n<\/a>.<\/p>\n\n\n\n <\/p>\n","protected":false},"excerpt":{"rendered":" Ne Oluyor? May\u0131s 2026’dan itibaren, Let’s Encrypt, DigiCert, Sectigo gibi t\u00fcm b\u00fcy\u00fck public sertifika otoriteleri, TLS client authentication i\u00e7in sertifika imzalamay\u0131 durduracak. Bu de\u011fi\u015fiklik, Google Chrome’un [\u2026]<\/span><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"class_list":["post-439","post","type-post","status-publish","format-standard","hentry","category-uncategorized-tr"],"_links":{"self":[{"href":"https:\/\/www.sectrail.com\/cm\/wp-json\/wp\/v2\/posts\/439","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sectrail.com\/cm\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sectrail.com\/cm\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sectrail.com\/cm\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sectrail.com\/cm\/wp-json\/wp\/v2\/comments?post=439"}],"version-history":[{"count":24,"href":"https:\/\/www.sectrail.com\/cm\/wp-json\/wp\/v2\/posts\/439\/revisions"}],"predecessor-version":[{"id":624,"href":"https:\/\/www.sectrail.com\/cm\/wp-json\/wp\/v2\/posts\/439\/revisions\/624"}],"wp:attachment":[{"href":"https:\/\/www.sectrail.com\/cm\/wp-json\/wp\/v2\/media?parent=439"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sectrail.com\/cm\/wp-json\/wp\/v2\/categories?post=439"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sectrail.com\/cm\/wp-json\/wp\/v2\/tags?post=439"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
2026 May\u0131s:<\/strong> Hi\u00e7bir public CA’dan client authentication sertifikas\u0131 al\u0131namayacak
2026 Haziran:<\/strong> Chrome, TLS server authentication i\u00e7in \u00f6zel olarak ayr\u0131lm\u0131\u015f root certificate hierarchy’lerini kabul edecek (client auth ve server auth farkl\u0131 root’lardan gelecek)<\/p>\n\n\n\nKimler Etkileniyor?<\/h3><\/p>\n\n\n\n
\n
\u00c7\u00f6z\u00fcm: Private PKI’a Ge\u00e7i\u015f<\/h3><\/p>\n\n\n\n
\n
Ba\u015far\u0131l\u0131 Ge\u00e7i\u015f \u0130\u00e7in Gerekenler<\/h3><\/p>\n\n\n\n
\n
Ge\u00e7i\u015f Stratejisi<\/h3><\/p>\n\n\n\n
\n
\n
\n
Teknoloji Se\u00e7imi: Nelere Dikkat Etmeli?<\/h3><\/p>\n\n\n\n
\n
\n
Pratik \u00d6neriler<\/h3><\/p>\n\n\n\n
\n
\n
\n
Ara\u00e7 Se\u00e7erken Kar\u015f\u0131la\u015ft\u0131rma Kriterleri<\/h3><\/p>\n\n\n\n
Kriter<\/strong><\/td> Neden \u00d6nemli<\/strong><\/td> Kontrol Edilmesi Gerekenler<\/strong><\/td><\/tr><\/thead> Ke\u015fif kapasitesi<\/td> Gizli sertifikalar\u0131 bulma<\/td> Multi-platform scan, agent\/agentless, scheduling<\/td><\/tr> \u0130mzalama esnekli\u011fi<\/td> \u00d6zel kullan\u0131m durumlar\u0131<\/td> Custom profiles, EKU kontrol\u00fc, CA agnostic<\/td><\/tr> Da\u011f\u0131t\u0131m otomasyonu<\/td> Operasyonel y\u00fck<\/td> Platform deste\u011fi say\u0131s\u0131, API\/webhook, rollback<\/td><\/tr> Protokol deste\u011fi<\/td> Cihaz\/sistem uyumlulu\u011fu<\/td> ACME, EST, SCEP, RESTful API<\/td><\/tr> \u00d6l\u00e7eklenebilirlik<\/td> B\u00fcy\u00fcme ve y\u00fck<\/td> Sertifika say\u0131s\u0131 limiti, performance, high availability<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n Sonu\u00e7<\/h3>\n\n\n\n