Reminder: Valid #certificate lifetimes are shrinking.

🟡 March 15, 2026: 200 days ☹️
🟠 March 15, 2027: 100 days 🤢
🔴 March 15, 2029: 47 days 🤮

Our status:
#LetsEncrypt enabled (wherever easily possible)
✅ 30-day certificates from the internal AD CS PKI for intranet services on #WindowsServer and #Linux fully automated with #PowerShell
⏳ AD FS, Exchange

https://www.heise.de/news/47-Tage-CAs-und-Browserhersteller-beschliessen-kuerzere-Laufzeit-fuer-Zertifikate-10352867.html

#sysadmin #admin #itsicherheit #zertifikate #tls #ssl #reminder #adcs #adfs #pki #intranet #internet

Decided: lifetime of TLS server certificates drops to 47 days

From the current maximum of thirteen months, validity drops to one and a half. However, with a transition period of years for admins.

heise online

[Translation] Easy-RSA 3 and Public Key Infrastructure (PKI)

The material presented is for the most part a translation of the Easy-RSA 3 quick-start guide, with some additions. The dry, formal presentation does not call for decoration with pictures. P.S. Adherents of Runglish with an acute allergic reaction and cognitive dissonance toward Russian-language terms and abbreviations are asked not to bother.

https://habr.com/ru/articles/1012396/

#ssl #tls #easyrsa #openvpn #pki #openssl

Easy-RSA 3 and Public Key Infrastructure (PKI)

1. Introduction to Public Key Infrastructure 2. Easy-RSA 3 Introduction to Public Key Infrastructure Terminology used ИОК / PKI (Public Key Infrastructure) — public key infrastructure...

Habr

Mass revocation gives you 24 hours and thousands of certs to replace. ARI (RFC 9773) automates it, but only if your ACME client is always running.

Certbot uses a cron job. acme.sh has no ARI support.

https://www.certkit.io/blog/ari-solves-mass-certificate-revocation

#PKI #TLS

ACME Renewal Information (ARI) solves mass certificate revocation

When a CA has to revoke hundreds of thousands of certificates on a short deadline, email notifications aren't enough. ARI is the protocol that lets the CA tell your client directly: renew now. Here's how it works, and why most ACME clients can't actually respond in time.

CertKit SSL Certificate Management

LE is so advanced in every aspect that competitors like Actalis are practically no viable alternatives. I tried Actalis free ACME certs for a while, then it started throwing errors about my quota (which should be unlimited btw). And we’re not even talking about stuff like DNS-PERSIST-01.

If people want European alternatives, then those alternatives should start delivering!

@icing

#acme #cert #letsencrypt #pki

RE: https://chaos.social/@icing/116214853150027314

CertKit now supports ACME ARI and 6-day certificates.

ARI means the CA tells us when to renew. We check it multiple times a day. Your next mass revocation event? Just another boring Tuesday.

Nothing to configure.

https://www.certkit.io/blog/acme-ari-and-6-day-certificates #PKI #infosec

ACME ARI support and 6-day certificates

CertKit now polls Let's Encrypt multiple times a day to check when each certificate should renew. That means mass revocations happen automatically, without you doing anything. We also added support for 6-day certificates for environments where 90 days isn't short enough.

CertKit SSL Certificate Management

RE: https://newsie.social/@ProPublica/116205120279539801

This is why scams are on the rise.

Related reminder: Yelp, BBB, Google Maps, etc. are all pay-to-win. Posting reviews on those sites makes THEM money! And it exposes you to legal risk, while you get nothing in return. Skeezy companies just pay for fake reviews or directly pay a bribe to the review sites.

Like voting, this is another problem that could be solved with #pki, if only lawmakers could grasp technology.

#reviews #complaints #consumeraffairs #consumerprotections #cfpb

Your cert renewed. The old one is still serving.

LinkedIn renewed 10 days before expiry. It never deployed.

Most automation catches "forgot to renew." Nobody verifies the new cert is what the server is actually sending.

https://www.certkit.io/blog/how-to-verify-certificate-renewal #PKI #TLS

How to verify certificate renewal actually worked

Certbot ran. The logs show success. Exit code 0. LinkedIn found out the hard way that renewed and deployed are not the same thing. The verify step is the part of certificate automation nobody builds until after the outage.

CertKit SSL Certificate Management

@HaWeCom Well, people are apparently supposed to turn criminal again so that the statistics provide a reason for beefing up the Interior Ministry's domain. When someone is lying on the ground, you have to be able to kick them, after all.
I have been reading rising poverty-driven crime (acts of desperation that don't pay off, things like shoplifting) out of the #PKI #polizeikriminalstatistik ever since Corona.

@Lucseleventje @Marloezovic and insurers, banks and the likes of #odido could also use #yivi instead of storing passports and driving licences all over the place.
Storing a number of kinds of sensitive data is technically no longer necessary with yivi! If a hack then happens, as at #odido, there is far less impact for the citizens affected.

The law does need to be changed, though. Storing passport and ID data should no longer be allowed: #pki based proof is sufficient, after all (yivi-like cryptographic signing is just as good a proof of identity 🫆, if not much better because it can be automated)
@barbarakathmann @bert_hubert
#privacy #ransomeware #weerbaarheid #odidohack

Embedded systems security engineer / cryptographer open to contracts or permanent roles. Based in Lausanne, CH.

Background in embedded crypto libraries, PKI, smartcard middleware, software security research.

For contracts: direct preferred, remote-friendly. For permanent: Lausanne-commutable or remote.

Languages: English, French, some German.

DM or email preferred.

#cryptography #embeddedsystems #PKI #infosec #contractor #hiring #FediHire #fedihireme #fedihired #jobsearch #rust