SSL [.]com is rotating out its root certificate today, a move described as normal, business as usual for a certificate authority. The change was announced by SSL[.]com on 5 May 2026, with guidance urging users to review their configurations if they go beyond basic cert and website use.
In the accompanying notes, SSL[.]com recommends auditing any pinned trust anchors, custom trust stores, or certificate validation logic tied to the 2016 roots to avoid disruptions; cross-certificates can bridge the gap for backward compatibility during the transition; and migrating to dedicated Client Certificates is advised, as these are server-authentication independent and won't be affected by Google Chrome’s upcoming server authentication requirements.
The post also notes that this migration relates to the 2016 root hierarchy and provides a link to SSL[.]com’s fuller explanation of what the migration means for users. For those seeking further details, the full post is available at SSL[.]com’s article What SSLs root migration means for you, linked in the disclosure. According to SSL[.]com's article What SSLs root migration means for you.