ACME is why your certificates renew themselves at 3am without you knowing. The protocol that made encryption effortless.
Your browser has never met this server. Why does it trust the certificate? Because of a chain of vouching—from root CAs kept in vaults to the certificate in your hands.
Certificate pinning trades the Internet's trust model for your own. When it works, you're protected from compromised CAs. When it fails, your app is bricked. Here's how to decide if that trade is worth it.
Certificates expire on purpose. Short lifetimes force proof you still control your domain. Here's how automation makes that sustainable.
Before Certificate Transparency, a compromised CA could issue fake certificates and no one would ever know. CT makes the invisible visible—every certificate, logged forever, auditable by anyone.
A certificate is a cryptographic introduction. Here's how to verify who's vouching for a website—using your browser, command line, or online tools.
How a non-profit Certificate Authority exposed that HTTPS certificates should have been free all along—and changed the Internet by proving it.
Certificate revocation should let us un-trust compromised certificates. In practice, browsers ignore revocation failures to avoid breaking the web—meaning the security check fails exactly when attackers want it to.
Certificates expire on purpose. Short lifetimes limit the damage from stolen keys, force cryptographic upgrades, and drove the automation revolution that now renews millions of certificates without human intervention.