Certificates
20 articles about Certificates
CA/Browser Forum: ACME CAA Extensions (RFC 8657) To Become Mandatory
The CA/Browser Forum has spoken: ACME CAA extensions will be mandatory from March 2027 onward.
Read moreCertificatesHigh-Assurance Certificate Transparency Monitoring with Red Sift Certificates
Learn how to detect unauthorized certificate issuances with Certificate Transparency monitoring. Set up CAA policies, CT monitoring rules, and high-assurance escalation in Red Sift Certificates.
Read moreCertificatesShould you use public PKIs for your private infrastructure?
Public PKIs are cost-effective for internal use, but come with trade-offs like certificate transparency, rate limits, and shrinking lifetimes. Here's how to decide between public and private PKI.
Read moreCertificatesHow many public PKIs are there?
Public Key Infrastructures go far beyond Web PKI. Explore the full landscape of public PKIs — from code signing and S/MIME to BIMI and Matter — and learn which one fits your needs.
Read moreCertificatesPKI ecosystem changes in 2026: what your team needs to know
2026 brings shorter certificate lifetimes, unmanaged private PKI, and looming post-quantum migration. A concise guide to the changes security teams need to plan for.
Read moreCertificatesHow expired certificates can cause service downtime and financial losses
Certificate expiry outages cost enterprises up to $5 million per incident and take hours to resolve. This post covers the financial impact and how to prevent them.
Read moreCertificatesTowards monthly certificate renewal
Certificate lifetimes are shrinking to 47 days by 2029. This post explains why shorter lifetimes improve security and why automation is now essential for renewal.
Read moreCertificatesCertificate Lifecycle Management needs a dedicated monitoring platform
CLM tools manage issuance and renewal, but dedicated monitoring platforms provide the real-time discovery and Certificate Transparency visibility that enterprises actually need.
Read moreCertificatesCryptographic discovery requires deep infrastructure expertise and big data
Ivan Ristic explains how building a cryptographic discovery platform requires combining deep network infrastructure knowledge with large-scale monitoring of domains, DNS, and certificates.
Read moreCertificatesCertificate Transparency should be the key aspect of your cryptographic discovery strategy
Certificate Transparency logs provide real-time visibility into every certificate issued for your domains. This post explains why CT should anchor your cryptographic discovery strategy.
Read moreCertificatesCertificate Monitoring versus Certificate Lifecycle Management
CLM automates the certificate lifecycle from issuance to expiry, while certificate monitoring focuses on discovery and visibility. This post explains when you need each — and why you likely need both.
Read moreCertificatesHow to build an inventory of certificates for PCI DSS 4.0 Requirement 4.2.1.1
PCI DSS 4.0 Requirement 4.2.1.1 mandates a complete certificate inventory by March 2025. This guide walks through how to build and maintain one using automated discovery.
Read moreCertificatesTLS Certificate Lifetimes Are Shrinking: What's Changing
Certificate authorities are moving toward shorter TLS lifetimes. Here's what the changes mean for your renewal process and how to stay ahead.
Read moreCertificatesSix-Day TLS Certificates: What You Need to Know
Proposals for six-day certificate lifetimes would require near-continuous automation. Here's what's being proposed, why, and how to prepare.
Read moreCertificatesPCI-DSS Takes Aim at Phishing: What It Means for Compliance
The latest PCI-DSS update puts phishing prevention in scope. Here's what changed, what's required, and how to get ahead of the requirements.
Read moreCertificatesApple and Chrome Propose Shorter Certificate Lifetimes
Apple and Chrome are backing proposals to reduce TLS certificate validity periods. Here's what shorter lifetimes mean for your PKI operations.
Read moreCertificatesPCI DSS 4.0 Cryptographic Requirements: A Practical Guide
PCI DSS 4.0 tightens the rules on cryptography and certificate management. Here's what's required, what's changed, and how to become compliant.
Read moreCertificatesGoogle Distrusts Entrust Certificates: What to Do Now
Google Chrome will stop trusting Entrust-issued certificates from October 2024. Here's what's affected, the timeline, and how to reissue safely.
Read moreCertificatesWhy Certificate Transparency Logs Are Your Best PKI Defence
CT logs give you visibility into every certificate issued for your domains — including ones you didn't authorise. Here's how to use them proactively.
Read moreCertificatesHow HTTPS Replaced HTTP — and Why It Still Matters
HTTPS is now the baseline for web security, but many organisations still have gaps. Here's how the transition happened and what to watch for now.
Read more