Resources

Certificate management in practice: guides for IT teams and compliance managers

Articles for those responsible for certificates, TLS compliance, and supplier documentation — written by people who know the pain of manual processes and audit pressure.

Attack Surface & Security

Attackers map your infrastructure using public certificate data. Here is how to get there first.

Security

Detect Phishing Sites Abusing Your Domain — Before Your Users Reach Them

Published March 20, 2026

A phishing site targeting your brand can be live within the hour. The TLS certificate issued for it is logged publicly the moment it appears — that is the early warning most teams never set up.

Security

Shadow IT Certificates: Find What Your IT Department Doesn't Know About

Published February 20, 2026

Developers spin up services and obtain certificates without informing IT. Certificate Transparency logs keep the receipts — and so does CertControl.

Security

How Attackers Map Your Infrastructure Using Certificate Data — and What You Do About It

Published April 3, 2026

Before sending a single packet, attackers have a complete picture of your subdomains, exposed services, and forgotten infrastructure — all from public certificate logs. Here is the method, and the counter-move.

Security

Dangling DNS: How Forgotten Subdomains Become Security Incidents

Published February 6, 2026

Your team removed the cloud resource but forgot the DNS record. Now anyone can claim it and serve content under your domain — including phishing and malware. Here is how subdomain takeover works and how to find your exposure.


Compliance & Regulation

NIS2, ISO 27001, GDPR, and DORA impose concrete requirements on TLS and cryptography management. Here is what you actually need to get right.

CISO · NIS2

NIS2 Supervision: The Technical Certificate Documentation Your CISO Must Have Ready

Published April 15, 2026

Supervisory authorities have a checklist. Here is what they specifically ask about certificates and TLS — and what you should have documented before they come knocking.

Audit · Compliance

Certificate Audits: Exactly What ISO 27001 and NIS2 Auditors Check

Published March 25, 2026

ISO 27001, NIS2, and internal audits ask concrete questions about TLS certificates. Here is the checklist and what leaves a strong impression.

Finance · DORA

DORA and NIS2 for Financial Services: TLS Certificate Requirements in One Overview

Published April 8, 2026

Banks and insurers must comply with both DORA and NIS2 — with overlapping and at times conflicting requirements. Here is what specifically applies to TLS certificates and cryptography management.

Compliance · NIS2

NIS2 and Certificate Management: Three Requirements That Directly Affect Your TLS Setup

Published March 6, 2026

NIS2 requires documented asset inventory, incident response, and supply chain security. TLS certificates sit at the intersection of all three — and are the area most often unprepared at audit time.

Compliance · ISO 27001

ISO 27001 and TLS: Which Controls Auditors Test — and What Impresses Them

Published March 13, 2026

Annex A controls on cryptography (A.10) and asset management (A.8) have direct implications for certificate management. Here is what auditors test — and the documentation that makes the difference.

Compliance

Expired Certificate, Disabled Encryption: When It Becomes a GDPR Incident

Published March 27, 2026

If TLS encryption fails in transit because of an expired certificate, it can trigger a 72-hour notification obligation under GDPR — and this is not a hypothetical situation. Here is when that line gets crossed.


Operations & Architecture

For teams who cannot afford downtime: concrete certificate operations and architecture — no filler.

Operations

47-Day Certificate Lifetimes: What Your Processes Need Before 2029

Published January 23, 2026

The CA/Browser Forum has voted: from 2029 certificates are valid for a maximum of 47 days. Manual renewal will not hold. Here is what the transition requires — and how ACME automation makes it manageable now.

Operations · CDN

Why an Expired CDN Certificate Hits Harder Than a Server Certificate

Published April 10, 2026

An expired certificate on your CDN edge takes down all traffic behind it — not just one endpoint. Here is why edge certificates are systematically overlooked, and what you do about it.

Operations

Postmortem: The Certificate That Took Down a Login Flow — and What It Cost

Published April 10, 2026

A realistic postmortem analysis: how certificate expiry gets past every warning, what it costs to discover in production, and which process changes prevent a recurrence.

Operations

How to Manage Certificates During a Cloud Migration

Published April 3, 2026

During a cloud migration, endpoints, tooling, and ownership all change — while certificates quietly keep expiring. Here is how to handle the certificate dimension without causing outages mid-migration.

Operations

Supplier Certificates: The Third-Party Risk That Falls Into No Man's Land

Published April 16, 2026

When a supplier's certificate expires, your integration breaks — and your on-call phone rings. You got no warning and cannot renew it for them. Here is how you get visibility anyway.

PKI · Economics

47-Day Certificate Lifetimes: Calculate the Real Process Cost for Your Organisation

Published April 22, 2026

By 2029 every certificate expires after 47 days. For organisations relying on manual renewal, that means 7–8x more work. Here is the calculation — and when automation pays for itself.

Operations

Certificate Expiry Alerts: How to Set Up Notifications That Actually Work

Published April 24, 2026

Most expiry outages happen not because no alert was set up — but because it reached the wrong person, or nobody at all. Here is the three-layer alert strategy that actually holds.


Guides, Explainers & Best Practices

Understand certificates properly, learn from others' mistakes, and build processes that hold — even as your infrastructure changes.

Explainer

Wildcard Certificates: Convenient but Riskier Than You Think

Published January 30, 2026

One certificate, one private key, every subdomain. The convenience is real — but if that key is compromised, your entire subdomain surface is exposed at once. That is the price of simplicity.

Explainer

The Certificate Chain: What Actually Happens When an Intermediate Is Missing

Published February 27, 2026

Missing intermediate certificates, expired chain links, and cross-signed roots produce connections that work in Chrome, fail in curl — and are nearly impossible to debug without understanding the chain. Here is the model.

Explainer

OCSP and Certificate Revocation: Why It Does Not Work the Way Most People Think

Published March 27, 2026

Revocation sounds like an instant security valve. In practice, most browsers choose to fail open when the OCSP responder is unreachable — and compromised certificates remain functional. Here is what revocation actually gives you.

Guide

CAA DNS Records: Five Minutes of Work That Blocks Unauthorised Certificate Issuance

Published February 13, 2026

Without a CAA record, any of the 100+ publicly trusted CAs can issue certificates for your domain. It takes five minutes to close that gap. The vast majority of organisations have not done it yet.

Guide

Build a Complete TLS Certificate Inventory: What Most Organisations Are Missing

Published January 9, 2026

Most teams think they have an overview — then discover blind spots during audits or outages. Here is the methodology for a complete inventory that actually keeps pace with infrastructure changes.

Explainer

What Is Certificate Transparency — and Why Your Certificates Are Public

Published January 16, 2026

Every TLS certificate issued for a public domain is logged permanently and publicly — by design, not by accident. Here is how CT logs work, and how to use them to monitor your attack surface.

Guide

Automatic Supplier Certificate Tracking: From Spreadsheet to a Process That Holds

Published December 11, 2025

Spreadsheets tracking supplier certificates become stale faster than they get updated. Here is how to build a process that automatically keeps pace — and gives auditors the documentation they ask for.

Guide

Avoiding Certificate Expiry: The Structured Approach That Actually Prevents Outages

Published November 27, 2025

Certificate expiry is almost always a process failure, not a technical one. Here is the structured system that ensures no certificate slips through the cracks — in day-to-day operations or at audit time.

Comparison

Manual vs. Automated Certificate Management: What It Actually Costs to Choose Wrong

Published December 4, 2025

Manual certificate tracking does not scale and fails predictably under pressure. Here is a direct comparison of workload, risk profile, and what is genuinely saved by automating.

Guide

TLS Certificate Monitoring: What It Is, Why It Matters, and How to Automate It

Published April 24, 2026

TLS monitoring is not the same as a calendar reminder for expiry dates. It is continuous automated scanning that covers all the ways a certificate and TLS configuration can fail — and alerts you before it happens.

Guide

What Is Certificate Lifecycle Management? A Plain-Language Guide

Published March 19, 2026

CLM covers the end-to-end process of managing TLS certificates — from discovery and issuance through monitoring and renewal. This guide explains what the category actually includes and what to look for when evaluating CLM software.

Why we write this

Most teams find out the hard way. You do not have to.

Certificates, supplier documentation, and audit readiness typically land on whoever said yes once five years ago. These articles are for you — to make the process clearer and the outcome defensible.
