News
Useful updates to get the best out of your services
News
Information, news and insights on IT security, SSL certificates and digital sector innovations: official Actalis updates for professionals and businesses.
From HTTPS to machine trust: the rise of mTLS client certificates
IT SecurityIn recent years, we have seen something interesting happen: the digital certificate, which many associated only with HTTPS, is becoming increasingly central in modern architectures. This is because it is undeniable that machines communicate more than humans do. And when they communicate with each other—via APIs, microservices, cloud integrations, or exchanges between trusted platforms—the question is no longer just “is the channel encrypted?”, but above all: who is making the call? what is its identity? This is where mutual TLS, or mTLS, comes into play. In “standard” TLS, the server presents its certificate, and the client trusts it (if everything checks out). With mTLS, an additional step is introduced: the client also authenticates itself using an X.509 certificate. So both parties prove their cryptographic identity. The result? We are no longer just protecting a communication—we are building a verifiable trust relationship.
Client Authentication in public SSL certificates: what changes from 2026 and which solutions to adopt
SSL CommunicationsStarting from April 15, 2026, new rules issued by the Google Chrome Root Program will come into effect, impacting the use of Client Authentication (clientAuth) in public SSL/TLS certificates.Specifically, server SSL certificates will no longer be allowed to include the EKU dedicated to client authentication, an essential element in mTLS (mutual TLS) contexts and in machine-to-machine communications. Traditional web browsing will not be affected, but for some application integrations it will be necessary to evaluate suitable alternatives. In this article, we analyze the context, the reasons behind the change, and the solutions available through Actalis to ensure continuity and compliance.
Actalis SSL certificates for IP addresses: practical, compliant, ready to use
IT SecurityIf your infrastructure doesn’t use DNS, an SSL certificate for an IP address can be the ideal way to enable HTTPS and verify server identity. Actalis now offers this capability as part of its Organisation Validated (OV) SSL certificate range.
Free and unlimited DV certificates: Actalis becomes Europe’s reference point for ACME-based web security
SSL CommunicationsA safer, more accessible digital ecosystem for everyone: that’s the vision behind Actalis’s new initiative. As part of the Aruba Group, Actalis now offers free and unlimited Domain Validated (DV) SSL certificates, available through the ACME (Automatic Certificate Management Environment) protocol. This move puts Actalis on par with global leaders in automated certificate issuance – while standing apart through its guarantee of full European governance, transparency and regulatory compliance.
DORA and the role of cryptography in financial operational resilience
IndustryThe Digital Operational Resilience Act (DORA), introduced under EU Regulation 2022/2554, is a major step toward strengthening the digital resilience of financial entities across the European Union. Designed to protect the EU’s financial system from disruptions and emerging cyber risks, DORA establishes a comprehensive framework that spans ICT risk management, incident reporting, third-party vendor oversight, security testing and governance. In a financial landscape defined by constant digital transformation, DORA sets out strict requirements to ensure that institutions can maintain stability and operational continuity, even in the face of digital threats.