Blog about digital certificates, CAs, and security
Spring changes in root/intermediate certificates
During April and May 2026, selected root and intermediate certificates within the Mozilla and DigiCert ecosystems will be revoked. This article summarizes the reasons for these changes and their practical implications.
Apr 8, 2026 | Jindřich ZechmeisterFrom the latest articles
Shortening Certificate Validity: Automation is a Must
The TLS certificate landscape is changing rapidly. Shorter lifetimes and increased pressure for automated validation are reshaping current practices. With early changes from DigiCert and Google pushing automatic domain validation, automation is no longer…
Jan 23, 2026 | Jindřich ZechmeisterDigiCert introduced the ACME client DC-ACME for automation.
The new DC-ACME ACME client from DigiCert enables automatic certificate renewal without third-party tools. You therefore do not need to rely on Certbot or other programs. You can easily obtain the ACME EAB credentials in your SSLmarket account and start…
Jan 2, 2026 | Jindřich ZechmeisterSafer Software with Signing Transparency: What's New from Microsoft
Microsoft introduced Signing Transparency — a cryptographically verifiable transparent log that increases trust in software and protects against attacks on the software supply chain. Learn how this technology is changing the way signed artifacts are verified.
Nov 28, 2025 | Jindřich ZechmeisterACME and EAB: Support for Web Servers (Status as of 10/2025)
Learn how to use ACME and EAB to automate TLS certificates. We compare support on Nginx, Apache, LiteSpeed, and others, tips for DigiCert, and hassle-free implementation.
Oct 14, 2025 | Jindřich Zechmeister