I spent some time in a company that had been running many Java “microservices” – a code word for Java Spring Boot servers. One of the problems was how to efficiently manage zillions of JKS/P12 files.Continue reading Java Spring Boot With PEM-based TLS on-the-fly
Unifying Let’s Encrypt and Long-term Certificates
Let’s Encrypt has a number of downsides when used on a large scale. It uses modern key management protocols, but the high-level of automation requires management. This is what KeyChest provides.Continue reading Let’s Encrypt for Companies with KeyChest
KeyChest started as a simple HTTPS monitoring service. It has had its own database of all web certificates for about a year. And it helped issue first real certificates this week.Continue reading KEYCHEST and HTTPS automation
Mandating use of HTTPS / SSL certainly seems to have something in common with security certifications like FIPS140-2 or Common Criteria. Very few understand how it really helps, how complex it is but many already know how costly it can be.Continue reading Web Encryption – Punishment of SMBs by Tech Giants?
KeyChest has started as an easy to use HTTPS monitoring service. What we are aiming for is a general purpose key management service, which can look after your public as well as internal web encryption keys.Continue reading KeyChest – Unifying Public and Private Keys
A new version of KeyChest for 2019 with Free personal end-to-end monitoring of up to 500 servers. Most preparations went up in smoke but we made it.Continue reading KeyChest supports free web encryption
KeyChest is being integrated with Let’s Encrypt more tightly, it now has its first integration hook for Certbot. It registers domains using self-registered API keys and creates dormant accounts for you simply to confirm.Continue reading Certbot and KeyChest API
I recently attended a workshop about app/web product design. The presenter asked us to think of a well and badly designed app. Dash sprang to my mind as an example of the latter. While its design is an ongoing issue, it happened at least once that its server certificate expired and users couldn’t do payments.Continue reading Dash cashless – design and operation (HTTPS)
We all have seen it – I go to visit an interesting blog, DEFCON website, or pay for your parking on the go. But I can’t – the website or web service has an expired certificate and the “damn security wouldn’t let me do it”.