Log in Book demo Start free trial
 Certificate monitoring for IT teams

One place for certificates, TLS health
and NIS2 compliance. No spreadsheet required.

CertControl shows you which certificates are expiring, which endpoints have weak TLS, and where your NIS2 documentation has gaps — all in one place, so you can act before it costs you.

Start free trial See the product

14-day free trial  ·  EU hosted  ·  NIS2-ready  ·  Dedicated instance per customer

47
Days TLS cert
lifetime (2029)
Increase in
renewal frequency
8000+
Annual renewals
per 1k certs
app.certcontrol.pro — Operations Dashboard
CertControl operations dashboard showing active issues and certificate expiry overview
New industry standard

47-day certificates are coming

Mar 2026
200
200-day maximum Transition begins — automation becomes critical
Mar 2027
100
100-day maximum Manual renewals already strained at this cadence
Mar 2029
47
47-day maximum — final deadline Full enforcement. Every 6 weeks per certificate.

The CA/Browser Forum has unanimously voted. The timeline is set. For most organisations, this represents an 8× increase in renewal frequency — and spreadsheets simply won't scale.

Certificates in organisation 1,000
Renewals per year (today) ~1,000
Renewals per year (2029) ~8,000
Manual tracking viable? No.

CertControl tracks every certificate, alerts before expiry, and supports ACME/Let's Encrypt automation to remove the manual burden entirely.

Why manual certificate management fails

Manual certificate tracking breaks down —
and the longer the gap, the more expensive the failure

It usually starts with a spreadsheet and a handful of certificates. A few years later: dozens of certificates spread across suppliers, systems and inboxes — and nobody has the full picture. When something expires, you find out when a service goes down or an auditor asks.

🕳️

Scattered across everything

Certificates end up in supplier portals, inboxes, scripts and spreadsheets. Nobody knows exactly where they all are — and that matters when something expires or an auditor shows up.

🔓

Manual reminders fail

Calendar notes and email threads are not a system. Expiry dates slip through, follow-up stops when people leave, and compliance becomes reactive instead of planned.

📡

Hidden TLS weaknesses

Outdated protocols and weak cipher suites are rarely caught in the normal checks. They sit there quietly — and they are the first thing an external auditor or attacker looks for.

🧩

No audit trail when it counts

When documentation is spread across systems, emails and drives, you spend the first week gathering data — not answering auditors' questions.

The platform

Everything your team needs to keep certificates under control

Instead of four half-solutions, you get one system that covers monitoring, TLS analysis, attack surface, and compliance reporting — designed for teams who can't afford downtime.

🔐

Certificate lifecycle and expiry alerts

Complete visibility over expiry dates, certificate chains, OCSP status, and SAN validation. Alerts with plenty of notice — including for certificates you didn't know you had.

TLS analysis and security posture

Each endpoint gets a grade from A+ to F based on cipher suites, protocol versions, and HTTP headers. Find the weaknesses yourself — before your next audit or pentest does.

🎯

Attack surface and exposure

See how open ports, shadow services, and CVEs connect into exploitable attack paths — ranked by actual risk, not just a severity score.

📊

NIS2 compliance and reporting

Executive summaries, expiry forecasts, and operational risk — ready for the board and your auditor. Documentation that satisfies NIS2 Article 21 without you having to assemble it manually.

See NIS2 coverage →
See the full platform — all features, screenshots and agent details →
Common use cases

The problems we hear about again and again

Each of these scenarios is something real customers have told us about. They're exactly what CertControl is built to solve.

01

No unexpected certificate outages

Automatic monitoring of all expiry dates with timely alerts. No certificates slipping through — not even the ones on legacy systems or at suppliers.

Explore this use case →
02

Control over supplier certificates

Centralise documentation and expiry dates for all supplier certificates in one place. Stop chasing answers by email — see status directly in the dashboard.

See how it works →
03

Audit-ready — always

All relevant documentation collected and kept up to date continuously. When the auditor comes knocking, you're ready in 10 minutes — not 10 days.

View this use case →
Guides and resources

Guides to certificate management, NIS2, and TLS security

Written for IT managers, security teams, and compliance leads who want to understand certificate management — without it taking all afternoon.

Guide

How to Track Supplier Certificates Automatically

Replace spreadsheets with a more scalable approach to supplier documentation and expiry tracking.

Read article →
Guide

How to Avoid Expired Certificates

A structured method to reduce risk and improve visibility across all your certificates.

Read article →
NIS2 guide

NIS2 Documentation for the CISO

A practical guide to the certificate and TLS documentation that supervisory authorities expect under NIS2 Article 21.

Read article →
Try CertControl

Full control over your certificates — in 5 minutes

Create your account and connect your first endpoints in under 5 minutes. Full access to all features for 14 days — cancel before the trial ends and you pay nothing.

Start free trial — 14 days Book a demo

14-day free trial · Cancel before the trial ends and pay nothing · Your own dedicated instance from day one