KeyChest – Getting Rid of Broken Padlocks
There are good reasons why HTTPS certificates regularly expire. The question is whether these reasons justify that a key which was OK at 8:59 is totally insecure and unacceptable at 9:00. It doesn’t make sense – how can a difference of one minute, or even one second, ruin one’s online business? It simply CAN’T be right.
I have been working with key management systems since my graduation and learnt a great deal about how we wanted to use them, why some worked and others didn’t, and where to look for a balance between security and usability.
This experience, combined with the needs of the enterprise environment, where my co-founder Adam spent many years, is what has been driving the development of the new KeyChest.
You can start using it with no knowledge of security or technology. All you need to know is your internet domain name. KeyChest will figure out the rest.
We have built our own lookup table of all issued certificates – it is now interactively searchable from the main landing page.
If you want to set your own criteria and way to manage HTTPS keys, we are making it simple but flexible.
We have redesigned the certificate renewal workflow so that certificates are shown as “retired” well before they break your services. This means that you can start managing security in line with your internal compliance and avoid downtime, loss of business and loss of customers.
KeyChest has new user management, so you can share notifications and management with your team. You can link users to new real-time notifications (email and Slack) with a granular selection of events.
The next feature to be switched on is automated renewals for internal certificates – our first integration is with HashiCorp Vault – a popular secret management system for DevOps teams.
It is slowly coming together now and you can take a look at: