KeyChest Blog

Dan

Find me on:

Recent Posts

Massive MS Windows bug - by NSA - how it works (maybe)

Jan 14, 2020 10:33:36 PM / by Dan posted in https, attack

0 Comments

I have just skimmed a looong discussion at Hacker News - https://news.ycombinator.com/item?id=22047573 - about a vulnerability so big that NSA was happy to be accredited. (I only wonder whether they spotted someone else using it.)

Read More

ACMEv2 Clients

Jan 4, 2020 1:48:55 AM / by Dan

1 Comment

As we have analyzed the existing Let's Encrypt clients for internal use, we realized that there is no public list that would also provide basic description with main features.

Read More

Let’s Encrypt for Companies with KeyChest

Dec 3, 2019 1:53:43 PM / by Dan posted in letsencrypt, https, keychest

0 Comments

Let’s Encrypt has a number of downsides when used on a large scale. It uses modern key management protocols, but the high-level of automation requires management. This is what KeyChest provides.

Read More

Certificate Monitoring - HTTPS/TLS

Nov 28, 2019 11:36:08 AM / by Dan posted in letsencrypt, certificate, https

0 Comments

As we continuously improve our own certificate management service, we keep an eye on other tools. There is a wide range of services and each of us has different requirements and preferences.

Read More

Let's Encrypt Uptime - 2 years on

Nov 24, 2019 5:37:46 PM / by Dan posted in letsencrypt, https

0 Comments

I have looked at the service disruptions of Let's Encrypt back at the end of 2017. Two years on, I had another look - and compared twelve months periods.

Read More

Minerva Attack and Humble Beginnings

Nov 22, 2019 8:03:53 AM / by Dan posted in key management, attack

0 Comments

Do you remember ROCA attack - the most devastating attack in 2017 that extracted secret keys from 25% of TPM module? It has a kind of a sibling - Minerva. While ROCA was about the RSA encryption, MINERVA is about Elliptic Curve (ECC) signing.

Read More

Automating HTTPS Issuance in KeyChest

Nov 21, 2019 10:10:44 AM / by Dan posted in certificate, keychest, key management

0 Comments

KeyChest's business model is based on the management of HTTPS expiry. Automation of certificate issuance is for us an additional service that moves it closer to a complete service to manage your internal and external certificates. What it means in practical terms is that we simply pass on our cost of certificates to all paying users of KeyChest.

Read More

KeyChest – Unifying Public and Private Keys

Jun 24, 2019 11:03:03 AM / by Dan posted in https, keychest, key management

0 Comments

KeyChest has started as an easy to use HTTPS monitoring service. What we are aiming for is a general purpose key management service, which can look after your public as well as internal web encryption keys.

Read More

KeyChest and Reliability

Jun 17, 2019 2:59:01 PM / by Dan posted in keychest, incident response

0 Comments

Those who have been with us for a while may know that we change the cloud provider to Digital Ocean in January. At the same time, we started experimenting with HA database cluster. And we learnt a lot.

Read More

Can blockchain remove the need for an SSL certificate authority?

Jun 14, 2019 2:08:01 PM / by Dan posted in certificate, security, quora

0 Comments

Let’s think about what blockchain does and what a certification authority (CA) does.

Read More