Free Post Let's Encrypt Let's Encrypt to offer 6-day certificates! Continuing their trend of radical change for the better, Let's Encrypt have announced that, this year, you will be able to request certificates with a validity period of...
Free Post ocsp Let's Encrypt to end OCSP support in 2025 Well, the writing has been on the wall for some years now, arguably over a decade, but the time has finally come where the largest CA in the World is...
Free Post TLS Cryptographic Agility Part 1: Server Certificates We've encountered a lot of problems of our own making in the TLS/PKI ecosystem in recent years, and whilst we've got better at dealing with...
Free Post Let's Encrypt Working around expired Root Certificates Should clients care about when a Root Certificate expires? That's a bit of an odd question, and the first time I asked myself this question, the answer was...
Free Post Let's Encrypt Let's Encrypt Root Expiration - Post-Mortem Well, the Internet Apocalypse came and went! Due to the recent expiration of the Let's Encrypt intermediate and root certificates, I saw more widespread issues than I was...
Free Post Let's Encrypt Introducing another free CA as an alternative to Let's Encrypt Let's Encrypt is an amazing organisation doing an amazing thing by providing certificates at scale, for free. The problem though was that they were the only such organisation...
Free Post Let's Encrypt Let's Encrypt issues new Root and Intermediate Certificates Let's Encrypt have just issued a bunch of new certificates including a new Root and several Intermediates. These will bring some significant advantages so let's dive...
Free Post Let's Encrypt Let's Encrypt postpone the ISRG Root transition I was looking forward to something happening this month in the world of PKI that has had to be postponed for the 3rd time. Let's Encrypt were going...
Free Post Cross-Signing Cross-Signing and Alternate Trust Paths; How They Work In my last couple of posts about CAs and Root Certificates I've talked about something called Alternate Trust Paths. As a result, many people have asked me questions...
Free Post Certificate Authorities The Complexities of Chain Building and CA Infrastructure In my previous blog post [https://scotthelme.co.uk/impending-doom-root-ca-expiring-legacy-clients/] I looked at the problem of expiring Root CA Certificates and why it exists and you should definitely read that...
Follow