Let’s Encrypt has a number of downsides when used on a large scale. It uses modern key management protocols, but the high-level of automation requires management. This is what KeyChest provides.
Continue reading Let’s Encrypt for Companies with KeyChestMandating use of HTTPS / SSL certainly seems to have something in common with security certifications like FIPS140-2 or Common Criteria. Very few understand how it really helps, how complex it is but many already know how costly it can be.
Continue reading Web Encryption – Punishment of SMBs by Tech Giants?A new version of KeyChest for 2019 with Free personal end-to-end monitoring of up to 500 servers. Most preparations went up in smoke but we made it.
Continue reading KeyChest supports free web encryptionWe have finally completed a GLOBAL certificate look-up table for real-time notifications in our re-designed KeyChest service. KeyChest has been using an external service to check for new certificates. This has become unsustainable due to the number of users and certificates we monitor.
Continue reading Real-Time Certificate Info – 5,560,000,000 KeyChest Index
Our certificate monitoring KeyChest has an initial RESTful API for remote enrolment of new certificates and for checking certificate expiry. Its design supports automation without any initial security/authorization setup.
Continue reading Automate certificate monitoring with free API – KeyChest
This text is about creating a process around planning certificate renewals. As part of our KeyChest re-design, we created a sequence of meaningful checks for TLS certificates to get them always renewed before your web services go down.
Continue reading Planning TLS certificate renewals – define a process
KeyChest HTTPS monitoring started small – to help us manage our certificates and its free service grew with interest. It’s the right approach from the business point of view, but it has its dark side. A major incident flashed it out last Saturday.
Continue reading Major KeyChest Incident – We Turn It Into Serious Business
As I was collecting reliability data for several PKI systems, I included Let’s Encrypt as it’s by far the biggest PKI system I was aware of. It provides its status data and its history at https://letsencrypt.status.io and here’s my informal analysis of its production systems.
Continue reading Let’s Encrypt uptime is 99.9% — or 98.8% without defects in 2017
This is an interesting one. The first impulse is to simply answer NO, you can’t do it, that’s the point of HTTPS. But it’s all about networking and one can do quite some magic with proxies, forwarding, and the SNI extension in TLS protocols.
Continue reading Let’s Encrypt certificates with one name on different servers
We have compiled all practical information we could find and written it up at Numbers you need to know. It’s a long list of restrictions, rate limits, and other useful information to keep in mind. Here’s a few selected points that we found interesting. Big thanks to schoen from Certbot/EFF for pointing out numerous inaccuracies.