CertKit Keystore: Private keys that never leave your infrastructure CertKit manages your certificates from issuance through deployment. For most organizations, that includes holding your private keys. For some, that's a hard no. The Local Keystore is for them.

Your security policy says private keys can't leave the network. Certificate automation says they have to. We just fixed that.

www.certkit.io/blog/certkit-keystore

#PKI #CertificateManagement

Sectigo targets partners with new CLM platform Sectigo has launched a platform to scale certificate services globally. The company is targeting channel partners with a multi-tenant system designed to turn certificate lifecycle management into a recurring managed service.

Sectigo is pushing certificate lifecycle management further into the channel with a new multi-tenant platform aimed at MSPs and MSSPs facing shorter certificate cycles and rising outage risk. #Cybersecurity #Channel #PKI

Certificate distribution is the last mile nobody solved Certbot solved certificate issuance. It's great at that. The hard part is everything that happens after: getting the certificate file to every server that needs it, in the right format, with the right...

Epic Games had a wildcard cert expire in 2021. Monitoring caught it in 12 minutes. Recovery took 5.5 hours and 25 people.

The cert renewed fine. Distribution is where it fell apart.

www.certkit.io/blog/certifi... #PKI #TLS

Own the slimest & tinest #crypto #wallet via #CodeWav #NFC #JavaCard just 0.9 mm thick.

For info or samples:
thothtrust.com/products.htm...

#PKI #CryptoMarket #BlockchainInnovation #BlockchainSecurity #CryptoSecurity #ITSecurity #SelfCustody #Web3 #BTC #Altcoins #ETH #SmartContracts

「360 安全龙虾」客户端包含 TLS 证书私钥；目前证书已被吊销。

此证书由 WoTrus CA 签发，用于 *.myclaw.360.cn 及 myclaw.360.cn 域名。

finance.sina.com.cn/~

#Qihoo #OpenClaw #PKI

Telegram 原文

ACME Renewal Information (ARI) solves mass certificate revocation When a CA has to revoke hundreds of thousands of certificates on a short deadline, email notifications aren't enough. ARI is the protocol that lets the CA tell your client directly: renew now. Here's ...

Mass certificate revocation isn’t a fire drill. It’s a 24-hour clock with thousands of certs on the line.

ARI (RFC 9773) was built to handle exactly this. But it only works if your ACME client is actually listening.

www.certkit.io/blog/ari-sol...

#PKI #TLS

Certificate lifespans are shrinking and most organizations aren't ready - Help Net Security TLS certificate lifespans are shrinking. Is your org ready? Automate certificate lifecycle management before the next deadline hits.

Certificate lifespans are shrinking and most organizations aren’t ready

📖 Read more: www.helpnetsecurity.com/2026/03/16/g...

#cybersecurity #cybersecuritynews #certificates #PKI #encryption #quantumcomputing #strategy

ACME ARI support and 6-day certificates CertKit now polls Let's Encrypt multiple times a day to check when each certificate should renew. That means mass revocations happen automatically, without you doing anything. We also added support fo...

CertKit now supports ACME ARI and 6-day certificates.

ARI means the CA tells us when to renew. We check it multiple times a day. The next mass revocation event will be boring for you.

www.certkit.io/blog/acme-ar... #PKI #TLS

How to verify certificate renewal actually worked Certbot ran. The logs show success. Exit code 0. LinkedIn found out the hard way that renewed and deployed are not the same thing. The verify step is the part of certificate automation nobody builds u...

Your certificate renewed. The old one is still serving.

Certbot solves "I forgot to renew." It doesn't tell you whether the new cert actually made it to your server. LinkedIn learned this the hard way in 2019.

www.certkit.io/blog/how-to-...

#PKI #TLS

WebPKI and You There’s been a push over the last twelve years to move web traffic off unencrypted HTTP to encrypted HTTPS, to protect the general public from dragnet surveillance, gaping assholes on public wifi>airp...

WebPKI and You blog.brycekerley.net/2026/03/08/w... #infosec #pki

Original post on troet.cafe

@HaWeCom Tja, die Leute sollen wohl wieder kriminell werden, damit die Statistik einen Grund für's Aufrüsten im Bereich Innenministerium hergibt. Wenn einer am Boden liegt. muss man ja nachtreten können.
Ich interpretiere aus der #PKI #polizeikriminalstatistik bereits seit Corona ansteigende […]

This image features a promotional graphic with a purple and teal design. It includes text that reads "Techy Geeks Home - Making it Happen" and "Deploy certificates for custom WSUS

How to deploy certificates for custom WSUS updates to client machines | #Guide #Microsoft #WSUS #WindowsServer #PKI #SysAdmin #CyberSecurity

User management, MFA, SSO, and weekly summaries are live CertKit now supports team accounts with role-based access, multi-factor authentication, SAML single sign-on, and a weekly email digest. Here's what shipped and why it matters.

Certificate management has always been a one-person job. Until something breaks, everyone ignores it. Until that one person leaves.

CertKit now supports team access: roles, SAML SSO, MFA, and a weekly email digest.

www.certkit.io/blog/user-ma... #CertKit #PKI

Keyfactor Enhances Post-Quantum Readiness with New Automation Tools for Digital Trust Management Keyfactor has unveiled new capabilities to enhance automation and ensure cryptographic agility, addressing the challenges of shrinking certificate lifespans in enterprise environments.

Keyfactor Enhances Post-Quantum Readiness with New Automation Tools for Digital Trust Management #USA #Cleveland #Digital_Trust #PKI #Keyfactor

Last call on 398-day certificates The bar closes March 15. After that, no CA can serve you a 398-day certificate. If you're still managing commercial SSL certs manually, you have two weeks to grab one last round of full-year runway be...

March 15 is the last day to issue a certificate with ~1 year of validity. After that, 200-day max. Then 100 in 2027. Then 47 in 2029.

Renew now and you set your own automation schedule. Wait, and the CA/B Forum sets it for you.

www.certkit.io/blog/last-ca... #PKI #CertificateManagement

🔐 Don't let expired certs take down your cluster!

Automate Kubernetes certificate renewal with kubeadm + cron + best practices. Zero-downtime, production-tested.

#Kubernetes #Security #Automation #PKI #DevOps
🔗 devopstales.github.io/kubernetes/k...

DNS-PERSIST-01：单次 DNS 记录修改即可供持久签发 TLS 证书；预计 26 年 Q2 正式发布。

- 和 DNS01 的 _acme-challenge 不同，使用的是 _validation-persist 域名前缀。
- TXT 记录包含证书签发方、ACME 账户信息、签发政策，以及授权过期时间等信息。

https://letsencrypt.org/2026/02/18/dns-persist-01.html

#PKI #LetsEncrypt

Telegram 原文

SEALSQ Releases Preliminary 2025 Financial Metrics Insider Brief PRESS RELEASE — SEALSQ Corp (NASDAQ: LAES) (“SEALSQ” or the “Company”), a global leader in semiconductor, PKI, and post-qu...

#Daily #Quantum #Business #PKI #pqc #Revenue #growth #SEALSQ #TPM

Origin | Interest | Match

Original post on hachyderm.io

Today I published an update on the #Canonical supported #upki project, which brings browser-grade Public Key Infrastructure to Linux through the efficient #CRLite data format, with the core revocation engine now functional and available to test!

Beyond current progress, this post explores […]

Introducing the CertKit Agent CertKit can now deploy certificates directly to your servers. The CertKit Agent is a lightweight service for Linux, Windows, and Docker that detects your software, writes certificates where they need ...

Most “certificate automation” stops at issuance. That’s how you renew a cert but still serve the old one.

CertKit Agent closes the loop: issue, deploy, verify. Write files to the right paths, set perms/ownership, run the restart.

www.certkit.io/blog/certkit...

#PKI #DevOps

Four years running now, still managing to keep my lab root CA alive! I think the VM has been moved 3 or 4 times at this point, but I still keep managing to publish a new CRL! #PKI #ADCS

Image

🥩🥩Mr T-Bone tip!🥩🥩[New from Tech Community]
Ever wondered how to keep your root certs safe? Dive into ADCS Offline Root CA best practices! PKI legends, get in here!

#cybersecurity #PKI #MVPBuzz #Security #MicrosoftTechCommunity
👉👉 tip.tbone.se/sYOAt3
[AI generated, Human reviewed]

Your servers shouldn't need to know ACME Your nginx doesn't need to understand ACME. Your mail server doesn't need DNS credentials. Your VPN appliance can't even run CertBot. They just need a certificate file. CertKit handles validation cent...

CertBot assumes every server should manage its own certificates. That worked when you had three servers.

But with web farms sharing wildcards, load balancers, mail servers, and VPN appliances, the distributed model collapses.

www.certkit.io/blog/servers...

#ACME #PKI

KeypMe (keypme.com) is the first-ever Post Quantum #smartcard demo in real-world use cases. Use #PQC for S/MIME email and signed PDF document.
Leveraging @utimaco.bsky.social #HSM and @keyfactor.bsky.social #EJBCA as #PKI!

Uses your smartphone as a smartcard. No hardware needed! Easy IT integration

La confiance numérique, c’est aussi une question de puce et de clé ! 🔐

Comment les cartes à puce et les infrastructures à clés publiques (PKI) sécurisent-elles nos échanges ?

📽️ youtu.be/amHxFiYS_iA

#ConfianceNumérique #Cybersécurité #PKI

The slides for my presentation "Please sign your artefacts. WITH WHAT?" at #FOSDEM in the Security devroom are now available for viewing. A video will be coming soon.

fosdem.org/2026/schedule/event/RFFD...

#SBOM #SPDX #CYCLONEDX #OWASP #CYBERSECURITY #PKILOVE #pki

Let’s Encrypt’s Six-Day Certificates Generally Available

www.feistyduck.com/newsletter/issue_133_let...

Let's Encrypt is moving to 45-day certificates before everyone else The CA/Browser Forum set 47-day certificates as the target for 2029. Let's Encrypt decided to implement it a year earlier. Here's their roadmap and what it means for your automation.

Let's Encrypt is moving to 45-day certificates by February 2028, a full year before the industry mandate. Authorization reuse drops to 7 hours. If your renewals aren't truly automated, you'll find out the hard way.

www.certkit.io/blog/45-day-...

#PKI #CertificateManagement

We need to simplify client certificates for IoT and MTLS. One way is to anchor client certs in DNS.
The IETF DANCE working group needs more energy to complete our work. Want to join? Get on the mailing list now and help out!
https://datatracker.ietf.org/group/dance/about/

#PKI #DNSsec #MTLS #IOT

🎁🎄🎇 HOLIDAYS SPECIAL 2025 🎇🎄🎁

Secure sensitive data w CC cert Chip + X25519

bsky.app/profile/thot...

#JavaCard #coldstorage #wallet #CryptoSecurity #ITSecurity #BTC #Altcoins #ETH #Solana #SmartContracts #Blockchain #StableCoins #Cryptopay #PKI #Bitlocker #FDE