Roadmap

This is where we're headed, but we'd rather build what you actually need. Vote on the features that matter to you, or tell us what we're missing.

In progress

We are currently building these features and expect to launch them in the coming weeks.

  1. Single Sign On

    SAML-compliant SSO implementation

  2. User management and roles

    Add/invite/remote users from your account. Give them permissions for applications and support manager and viewer roles.

  3. Weekly Email Summary

    Weekly summary email of certificates, renewals, expirations, and agent status. Also the ability to subscribe/unsubscribe from email.

High priority

These are features often requested by customers, or critical to the next step in our vision.

  1. DNS-PERSIST-01 Validation

    Switch certificate validation over to DNS-PERSIST-01 once implemented by Let's Encrypt.

  2. Local Gateway (local private keys)

    A proxy and private key storage service that runs locally in the customer's environment.

  3. ARI Certificate Renewal

    Honor the ARI certificate renewal timing from Let's Encrypt.

  4. 6-Day Certificates

    Support for Let's Encrypt's short-term 6 day certificates.

  5. IP Certificates

    Certificates for IP Addresses with HTTP-01 Validation

Backlog

Features that we think are neat, or have been requested, but we're not sure where they fit into the plan yet.

  1. Advanced Alerting

    Configure customized alerting types, rules, and destinations

  2. Certificate Tags

    Create and manage tags for certificates to organize by owner, department, or use case. UI search and filtering by tag.

  3. Private CA

    Issue private certificates directly from CertKit. Trust your account's root Certificate and generate unlimited certificates signed by CertKit.

  4. Other Issuers

    Support for other ACME issuers like Digicert, ZeroSSL, etc.

  5. Self-serve rotate API keys

    Rotate and re-issue API keys from the UI.

  6. Certificate Transparency Log API

    API access to the Certificate Transparency Log to do advanced searches and firehose data.

  7. Certificate Push

    Agent, gateway, or other mechanism to "push" certificates into appliances or systems that are unable to run the agent themselves. This might look like a scripted API call or allowing the agent to upload certificates via SSH or file share.

  8. F5 Load Balancers

    Integration with F5 Load Balancers to push updated certificates into them.

  9. Microsoft Exchange

    Agent integration to update Microsoft Exchange server certificates

  10. Microsoft Remote Desktop

    Agent integration to update RDP Certificates

  11. Data Sovereignty

    Keep your hosted certificates geographically located in the EU, UK, or other locations

Completed

All the things that CertKit already does today!

  1. Microsoft RRAS VPN Support

    Released 2026-02 • Blog Announcement

    Expand the Windows agent to include support for Microsoft Routing and Remote Access Service.

  2. Host Agent

    Released 2026-02 • Blog Announcement

    The agent simplifies the distribution of certificates to your infrastructure. The agent runs as a service on each of your hosts, allowing you to configure the services and certificates to distribute to each host.

  3. Multiple applications

    Released 2026-01 • Blog Announcement

    Create multiple groups of certificates within an account. Each group should have its own access credentials.

  4. Multi-domain certificates

    Released 2025-12 • Blog Announcement

    Create multi-domain (multi-san) certificates. Allow the control of the certificate Common Name (CN).

  5. Certificate Transparency Log Search

    Released 2025-11 • Blog Announcement

    Be able to search for all the certificates in a domain from the Certificate Transparency Log, and import them to be monitored or managed by CertKit.