CertKit 1.9: push agent updates from the dashboard, no more logging into every server. Plus Google Trust Store as a second ACME issuer alongside Let's Encrypt.
CertKit
@certkit@infosec.exchange
mastodon
4.6.0-alpha.6+glitch
Automated SSL certificate management for IT teams who have better things to do. No scripts, no cron jobs. Free 90-day trial to start renewing your certificates.
0
Followers
0
Following
Joined October 27, 2025
Website:
Posts
CertKit
@certkit@infosec.exchange
Automated SSL certificate management for IT teams who have better things to do. No scripts, no cron jobs. Free 90-day trial to start renewing your certificates.
infosec.exchange
0
0
0
CertKit
@certkit@infosec.exchange
Automated SSL certificate management for IT teams who have better things to do. No scripts, no cron jobs. Free 90-day trial to start renewing your certificates.
infosec.exchange
Security vendors use "trust" as a magic spell. One homepage: 17 uses. I still don't know what they sell. You find out after you fill out a form, take a call, sit through a demo, and receive a market-ecture PDF.
1
0
0
CertKit
@certkit@infosec.exchange
Automated SSL certificate management for IT teams who have better things to do. No scripts, no cron jobs. Free 90-day trial to start renewing your certificates.
infosec.exchange
CertKit is out of beta.
600 signups. Real production deployments. A Keystore for keeping private keys on-prem. RDP and RRAS support for Windows shops.
Now there's real pricing — and 40% off forever if you get in before May 31st.
0
0
0
CertKit
@certkit@infosec.exchange
Automated SSL certificate management for IT teams who have better things to do. No scripts, no cron jobs. Free 90-day trial to start renewing your certificates.
infosec.exchange
@filippo They may not matter much in volume, but lots of orgs are still tied to the OV/EV certs from legacy CAs.
We still need to pull from just about all the CT Logs to get a complete picture for our discovery tool.
https://www.certkit.io/tools/ct-logs/
View full thread on infosec.exchange
0
2
0
CertKit
@certkit@infosec.exchange
Automated SSL certificate management for IT teams who have better things to do. No scripts, no cron jobs. Free 90-day trial to start renewing your certificates.
infosec.exchange
CertKit Agent 1.8: Windows Certificate Store, Java Keystore, and RDP auto-detection.
We also shipped a retro MS-DOS confirmation dialog on April Fools Day. It is fully keyboard-compatible.
https://www.certkit.io/blog/agent-1.8 #CertificateManagement #PKI
2
0
0
CertKit
@certkit@infosec.exchange
Automated SSL certificate management for IT teams who have better things to do. No scripts, no cron jobs. Free 90-day trial to start renewing your certificates.
infosec.exchange
Let's Encrypt ran a mass revocation drill on 3 million production certificates in March. No user notifications. They shortened ARI windows to signal an emergency and watched who responded.
Most ACME clients never noticed.
https://www.certkit.io/blog/lets-encrypt-mass-revocation-simulation
2
0
0
CertKit
@certkit@infosec.exchange
Automated SSL certificate management for IT teams who have better things to do. No scripts, no cron jobs. Free 90-day trial to start renewing your certificates.
infosec.exchange
Some organizations have a hard requirement: private keys cannot leave the network perimeter. Third-party cert management has always meant violating that policy.
The CertKit Local Keystore is the fix. Keys stay on your infrastructure. Full automation still works.
www.certkit.io/blog/certkit-keystore
1
0
0
CertKit
@certkit@infosec.exchange
Automated SSL certificate management for IT teams who have better things to do. No scripts, no cron jobs. Free 90-day trial to start renewing your certificates.
infosec.exchange
A 2024 PKI survey found organizations averaged 3 certificate outages over 24 months. In almost every case, the certificate renewed fine.
Distribution is where it fell apart.
https://www.certkit.io/blog/certificate-distribution-is-the-last-mile #PKI #infosec
2
0
0
CertKit
@certkit@infosec.exchange
Automated SSL certificate management for IT teams who have better things to do. No scripts, no cron jobs. Free 90-day trial to start renewing your certificates.
infosec.exchange
Mass revocation gives you 24 hours and thousands of certs to replace. ARI (RFC 9773) automates it, but only if your ACME client is always running.
Certbot uses a cron job. acme.sh has no ARI support.
https://www.certkit.io/blog/ari-solves-mass-certificate-revocation
0
0
0
CertKit
@certkit@infosec.exchange
Automated SSL certificate management for IT teams who have better things to do. No scripts, no cron jobs. Free 90-day trial to start renewing your certificates.
infosec.exchange
CertKit now supports ACME ARI and 6-day certificates.
ARI means the CA tells us when to renew. We check it multiple times a day. Your next mass revocation event? Just another boring Tuesday.
Nothing to configure.
https://www.certkit.io/blog/acme-ari-and-6-day-certificates #PKI #infosec
0
0
0
CertKit
@certkit@infosec.exchange
Automated SSL certificate management for IT teams who have better things to do. No scripts, no cron jobs. Free 90-day trial to start renewing your certificates.
infosec.exchange
Your cert renewed. The old one is still serving.
LinkedIn renewed 10 days before expiry. It never deployed.
Most automation catches "forgot to renew." Nobody verifies the new cert is what the server is actually sending.
https://www.certkit.io/blog/how-to-verify-certificate-renewal #PKI #TLS
1
0
0
CertKit
@certkit@infosec.exchange
Automated SSL certificate management for IT teams who have better things to do. No scripts, no cron jobs. Free 90-day trial to start renewing your certificates.
infosec.exchange
Certificate management has always been a one-person job. CertKit now supports team access: role-based permissions, SAML SSO, MFA, and a weekly digest to keep the whole org in the loop.
2
0
1
CertKit
@certkit@infosec.exchange
Automated SSL certificate management for IT teams who have better things to do. No scripts, no cron jobs. Free 90-day trial to start renewing your certificates.
infosec.exchange
March 15 is last call on 398-day certificates. After that, 200-day max, 100 in 2027, 47 in 2029.
Renew now and you buy yourself time to automate on your terms. Wait, and the CA/B Forum sets your schedule for you.
https://www.certkit.io/blog/last-call-on-398-day-certificates #PKI #WebPKI
0
0
0
CertKit
@certkit@infosec.exchange
Automated SSL certificate management for IT teams who have better things to do. No scripts, no cron jobs. Free 90-day trial to start renewing your certificates.
infosec.exchange
CertKit Agent 1.6: RRAS support, deploy windows, and agent locking.
Shorter lifetimes mean certificate automation has to act like real deployments: issue, deploy, verify. Deploy windows keep disruptions inside maintenance windows, and agent locking freezes commands so UI changes can’t be weaponized.
0
0
0
CertKit
@certkit@infosec.exchange
Automated SSL certificate management for IT teams who have better things to do. No scripts, no cron jobs. Free 90-day trial to start renewing your certificates.
infosec.exchange
22,000+ incidents in the Verizon DBIR. Man-in-the-middle? Less than 4%, mostly phishing proxies. Not TLS interception.
Forward Secrecy killed "record now, decrypt later." So what actually compromises your connections?
1
0
1
CertKit
@certkit@infosec.exchange
Automated SSL certificate management for IT teams who have better things to do. No scripts, no cron jobs. Free 90-day trial to start renewing your certificates.
infosec.exchange
Curious how CertKit works? I made a page for that.
0
0
0
CertKit
@certkit@infosec.exchange
Automated SSL certificate management for IT teams who have better things to do. No scripts, no cron jobs. Free 90-day trial to start renewing your certificates.
infosec.exchange
We found a valid DigiCert certificate on a domain we just purchased, issued to someone we've never met. Getting it revoked took 6 emails. 72 hours after confirmed revocation, every browser still trusts it.
1
0
0
CertKit
@certkit@infosec.exchange
Automated SSL certificate management for IT teams who have better things to do. No scripts, no cron jobs. Free 90-day trial to start renewing your certificates.
infosec.exchange
Most “certificate automation” stops at issuance. That’s how you renew a cert and still serve the old one.
With the CertKit agent, we can now do all three. Renew certs, deploy files, restart services, verify the correct certs run in production.
1
0
0