CertKit - Certificate Management
@certkit.io
CertKit SSL Certificate Management automates the discovery, lifecycle, distribution, and monitoring of PKI Certificates.
Learn more at https://www.certkit.io/
Learn more at https://www.certkit.io/
"Revoke Certificate" - It's theater.
Most revoked certs keep working. Chrome, Firefox, Safari each block different revoked certs. The industry knows it's broken, so they're forcing 47-day expiration instead.
www.certkit.io/blog/certifi...
#PKI #CertificateManagement
Most revoked certs keep working. Chrome, Firefox, Safari each block different revoked certs. The industry knows it's broken, so they're forcing 47-day expiration instead.
www.certkit.io/blog/certifi...
#PKI #CertificateManagement
Certificate revocation is broken but we pretend it works
SSL Certificate revocation is so broken that browser vendors gave up trying to fix it. Chrome manually curates 24,000 'important' revocations out of 2 million. Firefox uses bloom filters that flag val...
www.certkit.io
November 11, 2025 at 7:49 PM
"Revoke Certificate" - It's theater.
Most revoked certs keep working. Chrome, Firefox, Safari each block different revoked certs. The industry knows it's broken, so they're forcing 47-day expiration instead.
www.certkit.io/blog/certifi...
#PKI #CertificateManagement
Most revoked certs keep working. Chrome, Firefox, Safari each block different revoked certs. The industry knows it's broken, so they're forcing 47-day expiration instead.
www.certkit.io/blog/certifi...
#PKI #CertificateManagement
Stripe bought their domain in 2010. The previous owner's SSL certificate was valid until 2011.
For an entire year, someone else had a perfectly legitimate certificate for their payment processing.
This is why we're getting 47-day certificates.
www.certkit.io/blog/bygones...
For an entire year, someone else had a perfectly legitimate certificate for their payment processing.
This is why we're getting 47-day certificates.
www.certkit.io/blog/bygones...
BygoneSSL and the certificate that wouldn't die
When domains change hands, old certificates don't. Two researchers at DEFCON found 1.5 million domains with valid certs owned by someone else. This is the security research that killed long certificat...
www.certkit.io
October 27, 2025 at 4:39 PM
Stripe bought their domain in 2010. The previous owner's SSL certificate was valid until 2011.
For an entire year, someone else had a perfectly legitimate certificate for their payment processing.
This is why we're getting 47-day certificates.
www.certkit.io/blog/bygones...
For an entire year, someone else had a perfectly legitimate certificate for their payment processing.
This is why we're getting 47-day certificates.
www.certkit.io/blog/bygones...
Reposted by CertKit - Certificate Management
Netflix doesn't join standards bodies. They build streaming protocols, not bureaucracy. #ssl
Why Netflix Joined the Certificate Wars (And Why It Matters)
hackernoon.com
October 8, 2025 at 4:08 AM
Netflix doesn't join standards bodies. They build streaming protocols, not bureaucracy. #ssl
Reposted by CertKit - Certificate Management
Welcome to #CertKit on #OpsMatters! CertKit gives you one dashboard to see every cert, every renewal, every domain—before they expire and ruin your weekend.
#cybersecurity #certificatemanagement #devops https://opsmtrs.com/46V2Oar
#cybersecurity #certificatemanagement #devops https://opsmtrs.com/46V2Oar
CertKit
CertKit gives you one dashboard to see every cert, every renewal, every domain—before they expire and ruin your weekend.
opsmtrs.com
October 19, 2025 at 7:29 PM
Welcome to #CertKit on #OpsMatters! CertKit gives you one dashboard to see every cert, every renewal, every domain—before they expire and ruin your weekend.
#cybersecurity #certificatemanagement #devops https://opsmtrs.com/46V2Oar
#cybersecurity #certificatemanagement #devops https://opsmtrs.com/46V2Oar
"Nice website you got there. Shame if it was “Not Secure.” That’ll be $300 a year."
www.certkit.io/blog/47-day-...
www.certkit.io/blog/47-day-...
The 47-Day Certificate Ultimatum: How Browsers Broke the CA Cartel
For twenty years, Certificate Authorities ran the perfect protection racket. Then SHA-1 got shattered, Apple went rogue, and certificates went from lasting 3 years to 47 days. This is the story of how...
www.certkit.io
October 6, 2025 at 3:33 PM
"Nice website you got there. Shame if it was “Not Secure.” That’ll be $300 a year."
www.certkit.io/blog/47-day-...
www.certkit.io/blog/47-day-...
It started as 47 beautiful lines of bash. Now it's a distributed certificate system built on thousands of command line incantations nobody understands, running on every server, and some of the printers.
www.certkit.io/blog/why-you...
#devsecops #ssl #certificates
www.certkit.io/blog/why-you...
#devsecops #ssl #certificates
You Built Your Own Certificate Management System - It's Already Broken
It started as 47 beautiful lines of bash. Now it's a distributed certificate system built on thousands of command line incantations nobody understands, running on every server and some of the printers...
www.certkit.io
September 19, 2025 at 9:34 PM
It started as 47 beautiful lines of bash. Now it's a distributed certificate system built on thousands of command line incantations nobody understands, running on every server, and some of the printers.
www.certkit.io/blog/why-you...
#devsecops #ssl #certificates
www.certkit.io/blog/why-you...
#devsecops #ssl #certificates
Reposted by CertKit - Certificate Management
I had a fantastic time chatting with @richcampbell.bsky.social about Certificate management (specifically how much it sucks) and how we're trying to make it better at @certkit.io.
Do you have strong feels about certificates? I'd love to chat with you about it.
Do you have strong feels about certificates? I'd love to chat with you about it.
September 17, 2025 at 7:05 PM
I had a fantastic time chatting with @richcampbell.bsky.social about Certificate management (specifically how much it sucks) and how we're trying to make it better at @certkit.io.
Do you have strong feels about certificates? I'd love to chat with you about it.
Do you have strong feels about certificates? I'd love to chat with you about it.
Apple wants #SSL certificates to last only 47 days.
Remember when they lasted 3 years? Then 2? Then 1? Now we're speed-running toward daily renewals.
Your bash script from 2019 isn't ready for this
certkit.io/blog/why-we-built-certkit
Remember when they lasted 3 years? Then 2? Then 1? Now we're speed-running toward daily renewals.
Your bash script from 2019 isn't ready for this
certkit.io/blog/why-we-built-certkit
CertKit SSL Certificate Management
CertKit SSL Certificate Management automates the discovery, lifecycle, distribution, and monitoring of PKI Certificates.
certkit.io
September 3, 2025 at 8:07 PM
Apple wants #SSL certificates to last only 47 days.
Remember when they lasted 3 years? Then 2? Then 1? Now we're speed-running toward daily renewals.
Your bash script from 2019 isn't ready for this
certkit.io/blog/why-we-built-certkit
Remember when they lasted 3 years? Then 2? Then 1? Now we're speed-running toward daily renewals.
Your bash script from 2019 isn't ready for this
certkit.io/blog/why-we-built-certkit