LE is so advanced in every aspect, that competitors like Actalis are practically no viable alternatives. I tried Actalis free ACME certs for a while, then it started throwing errors about my quota (which should be unlimited btw). And we’re not even talking about stuff like DNS-PERSIST-01.
If people want European alternatives, then those alternatives should start delivering!
#acme #cert #letsencrypt #pki
RE: https://chaos.social/@icing/116214853150027314
CertKit now supports ACME ARI and 6-day certificates.
ARI means the CA tells us when to renew. We check it multiple times a day. Your next mass revocation event? Just another boring Tuesday.
Nothing to configure.
https://www.certkit.io/blog/acme-ari-and-6-day-certificates #PKI #infosec
CertKit now polls Let's Encrypt multiple times a day to check when each certificate should renew. That means mass revocations happen automatically, without you doing anything. We also added support for 6-day certificates for environments where 90 days isn't short enough.
RE: https://newsie.social/@ProPublica/116205120279539801
This is why scams are on the rise.
Related reminder: Yelp, BBB, Google Maps, etc. are all pay-to-win. Posting reviews on those sites makes THEM money! And it exposes you to legal risk, while you get nothing in return. Skeezy companies just pay for fake reviews or directly pay a bribe to the review sites.
Like voting, this is another problem that could be solved with #pki, if only lawmakers could grasp technology.
#reviews #complaints #consumeraffairs #consumerprotections #cfpb
Your cert renewed. The old one is still serving.
LinkedIn renewed 10 days before expiry. It never deployed.
Most automation catches "forgot to renew." Nobody verifies the new cert is what the server is actually sending.
https://www.certkit.io/blog/how-to-verify-certificate-renewal #PKI #TLS
Certbot ran. The logs show success. Exit code 0. LinkedIn found out the hard way that renewed and deployed are not the same thing. The verify step is the part of certificate automation nobody builds until after the outage.
@Lucseleventje @Marloezovic en #yivi zouden verzekeraars, banken en #odido achtigen ook kunnen gebruiken in plaats van het opslaan overal en nergens van paspoorten en rijbewijzen .
Opslaan aantal soorten gevoelige gegevens hoeft technisch niet meer met yivi! Als er dan een hack komt zoals bij #odido is er veel minder impact voor betrokken burgers.
Moet wel de wet worden aangepast. Opslaan paspoort en is gegevens mag niet meer: #pki based bewijs is immers voldoende (yivi achtig cryptografische ondertekening is het zo goed bewijs van identiteit , zo niet veel beter want automatiseerbaar)
@barbarakathmann @bert_hubert
#privacy #ransomeware #weerbaarheid #odidohack
Embedded systems security engineer / cryptographer open to contracts or permanent roles. Based in Lausanne, CH.
Background in embedded crypto libraries, PKI, smartcard middleware, software security research.
For contracts: direct preferred, remote-friendly. For permanent: Lausanne-commutable or remote.
Languages: English, French, some German.
DM or email preferred.
#cryptography #embeddedsystems #PKI #infosec #contractor #hiring #FediHire #fedihireme #fedihired #jobsearch #rust
Certificate management has always been a one-person job. CertKit now supports team access: role-based permissions, SAML SSO, MFA, and a weekly digest to keep the whole org in the loop.
March 15 is last call on 398-day certificates. After that, 200-day max, 100 in 2027, 47 in 2029.
Renew now and you buy yourself time to automate on your terms. Wait, and the CA/B Forum sets your schedule for you.
https://www.certkit.io/blog/last-call-on-398-day-certificates #PKI #WebPKI
Great article on proactive steps being taken to introduce quantum resistant HTTPS without too much transactional overhead:
پویان Pouyan 
CertKit
Andrew Furrow
Marwe
Hans-Cees 🌳🌳🤢🦋🐈🐈🍋🍋🐝🐜
Antony
Patrick Evans