  ____             _    _  __ _  _
 / ___| ___  _ __ | |_ | |/ /(_)| |_
| |    / _ \| '__|| __|| ' / | || __|
| |___|  __/| |   | |_ | . \ | || |_
 \____|\___||_|    \__||_|\_\|_| \__|

CertKit Blog

The 47-Day Certificate Ultimatum: How Browsers Broke the CA Cartel

Todd H. Gardner • October 2025

For twenty years, Certificate Authorities ran the perfect protection racket. Then SHA-1 got shattered, Apple went rogue, and certificates went from lasting 3 years to 47 days. This is the story of how browsers broke the CA cartel, and why your manual certificate process is about to become your biggest problem.
You Built Your Own Certificate Management System - It's Already Broken

Todd H. Gardner • September 2025

It started as 47 beautiful lines of bash. Now it’s a distributed certificate system built on thousands of command line incantations nobody understands, running on every server and some of the printers. If someone looks at it the wrong way, a certificate expires.
Why We Built CertKit

Todd H. Gardner • September 2025

SSL certificates have always been a pain. Now Apple wants us to renew them every 47 days. We watched a DevOps team waste six hours debugging CertBot, tried every tool from Cert Manager to DigiCert, then said screw it. We built CertKit - certificate management for people with better things to do.

CertKit Blog

The 47-Day Certificate Ultimatum: How Browsers Broke the CA Cartel

You Built Your Own Certificate Management System - It's Already Broken

Why We Built CertKit