As featured on
Press and appearances
Conversations about why SSL certificates keep getting shorter, and what to do about it.
The CertKit team talks with podcasts and conferences about the industry shift to short-lived certificates, the 47-day deadline, and the operational reality of keeping certificates renewed and deployed. A few of those conversations are below.
On podcasts
47 Day Certificates
Why the maximum certificate lifetime is dropping to 47 days, how the 200-day cap already in effect changes renewal, and why broken revocation is the reason behind it all.
CertKit, Part 1: How Certificates Work
A ground-up tour of how SSL certificates work. Issuance, expiration, certificate authorities, transparency logs, wildcard certificates, free certificates from Let's Encrypt, and the lifetime changes forcing automation.
Certificate Automation
The end of the one-year SSL certificate. The CA/Browser Forum move to 200 days in March 2026, the road to 47 days by 2029, and why automating renewal is no longer optional.
Conference talks
Everything you learned about SSL is deprecated
- NDC Toronto, Toronto, May 2027
- Open Source North, St. Paul, May 2027
Remember your first HTTPS server? RSA keys, year+ certificates, and some openssl incantation you copied from StackOverflow. That's all outdated now.
TLS 1.3 threw out decades of cipher complexity. Snowden leaks moved Perfect Forward Secrecy from optional to mandatory. Let's Encrypt made certificates a free API call. And browser vendors are pushing certificate lifetimes down to 47 days.
This talk is a tour of modern TLS. We'll cover what changed, why it changed, and what breaks if you don't make updates.
Want us on your show or event?
We talk about certificate automation, the politics behind shrinking certificate lifetimes, and the operational mess of certificate management. Get in touch.