Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The word “certificate” means too many different things. When someone says “the certificate for example.com,” they might mean the public key the CA signed. They might mean the key-pair sitting on the filesystem. They might mean the signature that expires in 47 days. Or they might mean all the things together, that you’ve been renewing for the last 10 years. That last one doesn’t have a name in any PKI standard. And it should.

Two things shipped this week. One is for the MSPs who manage certificates on behalf of other companies. The other lets you run the shorter 45-day renewal cycle today.

The pitch for private PKI gets more compelling every year. Public certificate lifetimes are down to 200 days, dropping to 47 by 2029. If you run your own private certificate authority, you make your own rules. Issue certificates for as long as you want, skip the renewal churn. Let’s Encrypt and DigiCert don’t get to tell you what to do. Apple does though.