Certificate Authorities

Are shorter certificates finally coming?!

Regular readers will know my views on the validity period of TLS certificates, and how they definitely need to be made shorter than they currently are! We made some good...

Free Post

Let's Encrypt

Introducing another free CA as an alternative to Let's Encrypt

Let's Encrypt is an amazing organisation doing an amazing thing by providing certificates at scale, for free. The problem though was that they were the only such organisation...

Free Post

Let's Encrypt

Let's Encrypt postpone the ISRG Root transition

I was looking forward to something happening this month in the world of PKI that has had to be postponed for the 3rd time. Let's Encrypt were going...

Finding alternate trust paths the easy way; Introducing Chain Builder

Free Post

Certificate Authorities

Finding alternate trust paths the easy way; Introducing Chain Builder

I ended up talking a lot about certificates recently and covered quite a few topics in a good amount of detail. To demonstrate something I've touched on a...

Free Post

Cross-Signing

Cross-Signing and Alternate Trust Paths; How They Work

In my last couple of posts about CAs and Root Certificates I've talked about something called Alternate Trust Paths. As a result, many people have asked me questions...

The Complexities of Chain Building and CA Infrastructure

Free Post

Certificate Authorities

The Complexities of Chain Building and CA Infrastructure

In my previous blog post [https://scotthelme.co.uk/impending-doom-root-ca-expiring-legacy-clients/] I looked at the problem of expiring Root CA Certificates and why it exists and you should definitely read that...

The Impending Doom of Expiring Root CAs and Legacy Clients

Free Post

Certificate Authorities

The Impending Doom of Expiring Root CAs and Legacy Clients

Regular readers will know that I'm very active in the CA / PKI space and even deliver a 2-day advanced training course [https://www.feistyduck.com/training/the-best-ssl-and-tls-training-in-the-world] on...

Ballot SC22: Reduce Certificate Lifetimes

Free Post

Certificate Authorities

Ballot SC22: Reduce Certificate Lifetimes

We've made some great progress in the TLS and PKI ecosystem in recent years, driven largely by the actions of browser vendors. We could have just taken another...

Free Post

Let's Encrypt

Let's Encrypt to transition to ISRG root

Let's Encrypt have announced that on July 8th, 2019 they will begin issuing new certificates from their own intermediate CA and not their current cross-signed intermediate. Here'...

Free Post

Certificate Authorities

Fishing for certs

I recently saw a tweet that got me thinking, then it got me reading, then it kept me busy for about an hour. In that short space of time I...

Certificate Authorities

A collection of 13 posts

Are shorter certificates finally coming?!

Introducing another free CA as an alternative to Let's Encrypt

Let's Encrypt postpone the ISRG Root transition

Finding alternate trust paths the easy way; Introducing Chain Builder

Cross-Signing and Alternate Trust Paths; How They Work

The Complexities of Chain Building and CA Infrastructure

The Impending Doom of Expiring Root CAs and Legacy Clients

Ballot SC22: Reduce Certificate Lifetimes

Let's Encrypt to transition to ISRG root

Fishing for certs

Upcoming Events

Cheat Sheets

Projects

Upcoming Events

Cheat Sheets

Projects

Follow