CertKit is out of beta today. After a year, 600+ beta users, and more Windows edge cases than I care to admit, it's a real product.
www.toddhgardner.com/blog/certkit...
Posts by Todd H. Gardner
The sidecar pattern works but it's still one renewal process per container, which is the problem you're trying to get away from. A central system that pushes certs to pods is cleaner, and gets more important as lifetimes shrink. (I build certkit.io which does this)
That quote nails it. cert-manager solves issuance really well but you still end up with no fleet-level view of what's expiring across namespaces. You find out when TLS starts failing, not before.
You end up needing some other system to manage that, like @certkit.io
The Windows Certificate Store integration in Agent 1.8 is going to eliminate a lot of the wrapper scripts I see.
www.certkit.io/blog/agent-1.8
Let's Encrypt quietly ran a mass revocation drill last week. 3 million real certificates. Most automation never noticed. That's the problem.
For the orgs that asked: yes, you can now use CertKit without sending us your private keys. The keystore runs on your infrastructure. Keys never leave.
The forums answer for deploying certs to multiple servers is always "just write a script." That script quietly becomes the most critical unmonitored piece of infrastructure you own.
ARI is the protocol that makes mass revocation survivable. Most ACME clients aren’t using it right. Cron jobs don’t cut it when the CA needs a response in 6 hours.
We added ARI so when a CA has to pull 83,000 certs overnight (hi DigiCert), it's just a quiet Tuesday. Certificate emergencies are getting boring.
Renewed doesn't mean deployed. Certificate automation has a verification gap that almost nobody closes, and the consequences are getting worse as cert lifetimes shrink.
Certificate expiration is a team problem that keeps getting assigned to one person. We just shipped the tools to fix that.
GitHub felt more reliable when it was a pile of ruby on rails and a fistful of dreams.
Get your last 1 year SSL certificates now, while the gettin is good.
New post. AI code looks great in the diff and breaks on the first edge case. The instinct is to reverse-engineer the author's assumptions, but that approach is slow and usually wrong.
If you’re still treating cert renewals like a calendar reminder, March is gonna be spicy.
Kash Patel is presented with the Gold Medal by Kristi Noemish person, he proceeds to pose with the medal, celebrate and pour champagne as the actual medalists look on.
This is one of my favorite cybersecurity posts we've done. I dug into the data on MITM attacks and the threat model most of us worry about is basically fiction.
The ICE surge in Minnesota cost $280M, to detain 4k people of whom only 30 were accused of violent crimes.
$9 million per capture of the "worst of the worst". Plus two citizens murdered.
~ Veterans for Peace
I keep seeing AI-generated diffs that are plausible and wrong in the most annoying ways: missing guards, cargo-cult hooks, swallowed promises.
If your review is vibes, you’re gambling. Production has receipts.
Sorry to hear that. Tough times, but you’ll get through it.
My first published software was part of a level pack for Duke Nukem.
We wanted to understand how rugged English-Scots-Irish culture has shaped America. So we talked to three white South African billionaires at a sex party in the Bahamas.
BygoneSSL isn't theoretical. We found a valid certificate on our own domain, issued to someone we've never met. Getting it revoked was an experience.
“Go to sleep with itchy butt, wake up with stinky finger”
This game was such a gem for teenage todd 🤣
It’s weird to see people who aren’t from Minnesota talking about Minnesota.
We also have amazing Somali and Hmong populations.
The best part of this country is the melding pot of culture.
If he wants English-Scots-Irish, then he should move to England, Scotland, or Ireland.
📢 Attention Software Developers! The #EarlyBird ticket offer for NDC Toronto closes this Monday, Feb 16th 🇨🇦 Join @stevesanderson.bsky.social and 55 other industry experts for 4 days of learning, networking, and fun!
Secure your spot 👉 ndctoronto.com