
BygoneSSL and the certificate that wouldn't die

Turns out the scariest thing about SSL certificates isn’t when they expire. It’s when they don’t. I wrote about the CA/Browser fight that led to the 47-day certificate mandate: CAs crying about lost revenue, browsers flexing their root program authority, enterprises stuck in the middle. But nobody talks about the security research that started it all: BygoneSSL at DEF CON 2018. Two researchers mining Certificate Transparency logs found something surprising: certificates that stayed perfectly valid long after the domains they covered had changed hands.
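The BygoneSSL check itself is simple once you have the log data: for every certificate in the CT logs that names your domain, compare its validity window with the date the domain changed hands. The following is an added illustration, not code from the original post or from the BygoneSSL researchers; the `CtEntry` record, the sample log and the hand-over date are constructed for the example, and a real audit would read the leaf certificates back from a CT log (or a CT search API) rather than a hard-coded tuple.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class CtEntry:
    """The fields of a CT log entry this check needs (a real entry carries the
    full leaf certificate; these values are constructed sample data)."""
    serial: str
    names: tuple          # dNSName SANs as logged
    not_before: date
    not_after: date


def in_namespace(name: str, domain: str) -> bool:
    """True if a SAN (possibly a wildcard) names `domain` or something beneath it."""
    name, domain = name.lower().rstrip("."), domain.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]                     # *.example.com covers the example.com tree
    return name == domain or name.endswith("." + domain)


def bygone_certs(entries, domain: str, changed_hands: date):
    """Certificates covering `domain` that were issued before it changed hands and
    were still valid afterwards: whoever holds their private keys can present
    them for the new owner's names until they expire.  Returns
    (serial, days of validity remaining after the hand-over) in log order."""
    found = []
    for e in entries:
        if not any(in_namespace(n, domain) for n in e.names):
            continue
        if e.not_before < changed_hands < e.not_after:
            found.append((e.serial, (e.not_after - changed_hands).days))
    return found


def live_bygone_serials(entries, domain: str, changed_hands: date, today: date):
    """Subset of bygone_certs that has not yet expired as of `today`."""
    by_serial = {e.serial: e for e in entries}
    return [s for s, _ in bygone_certs(entries, domain, changed_hands)
            if by_serial[s].not_after >= today]


# Constructed sample: example.com changes hands on 2024-03-01.
HANDOVER = date(2024, 3, 1)
SAMPLE_LOG = (
    CtEntry("01", ("example.com", "www.example.com"), date(2023, 6, 1), date(2024, 6, 1)),
    CtEntry("02", ("*.example.com",), date(2022, 1, 15), date(2023, 1, 15)),   # expired before hand-over
    CtEntry("03", ("example.com",), date(2024, 3, 10), date(2024, 6, 8)),       # new owner's own cert
    CtEntry("04", ("mail.other.test",), date(2024, 1, 1), date(2024, 12, 31)),  # unrelated domain
    # a 398-day cert (the pre-mandate maximum) issued ten days before the hand-over
    CtEntry("05", ("*.example.com",), date(2024, 2, 20), date(2024, 2, 20) + timedelta(days=398)),
)

if __name__ == "__main__":
    for serial, days in bygone_certs(SAMPLE_LOG, "example.com", HANDOVER):
        print(f"serial {serial}: valid for {days} more days after hand-over")
    print("still live on 2024-07-01:",
          live_bygone_serials(SAMPLE_LOG, "example.com", HANDOVER, date(2024, 7, 1)))
```

On the sample data the wildcard certificate issued ten days before the hand-over stays usable for 388 days afterwards; under a 47-day validity cap the same scenario could leave at most a few weeks of residual validity, which is the connection between this research and the mandate. The practical follow-up for a new domain owner is to ask the issuing CA to revoke the flagged serials, since the previous holder's key, not the log, is what makes them dangerous.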

47 Day Certificates Make Premium SSL Worthless

Your enterprise just paid $500 for an SSL certificate. You know what it does that a free one doesn't? Nothing. Absolutely nothing. And when the 47-day certificate mandate hits, you'll pay that $500 to touch that cert roughly eight times a year, per certificate. For the same encryption, same trust, same padlock that Let's Encrypt gives away for free.

The 47-Day Certificate Ultimatum: How Browsers Broke the CA Cartel

For twenty years, Certificate Authorities ran the perfect protection racket. The CAs had a beautiful monopoly. Browsers needed them to keep users safe. Websites needed them to look legitimate. Everyone paid up, nobody asked too many questions. Then SHA-1, the hash algorithm most certificates were still signed with, was broken in practice (the SHAttered collision), and the browsers realized they'd been played.