Blog

Insights on certificate management, automation, and the evolving TLS landscape.

May 27, 2026

The clientAuth EKU Is Gone from Public TLS Intermediates

Sectigo and DigiCert revoked their multi-purpose intermediate CAs on May 15. Chrome's June 15 CCADB deadline arrives in 19 days. Here's what breaks on your next certificate renewal and what needs to move to private PKI.

pki tls eku digicert chrome mtls certificates
May 20, 2026

SC-098v2 Passes: RFC 8657 CAA Parameters Are Mandatory from March 2027

CA/Browser Forum Ballot SC-098v2 passed on May 13, requiring all publicly trusted CAs to process the accounturi and validationmethods CAA parameters from RFC 8657. Here's what changes operationally.

caa pki acme cabforum rfc8657 dns
May 13, 2026

Let's Encrypt's Generation Y Intermediates Go Live Today

On May 8, Let's Encrypt stopped issuing certificates for 2.5 hours due to a cross-signing problem with the new Generation Y root. Today the planned transition completes — here's what changes in your cert chain and what to check.

lets-encrypt pki acme certificates incident generation-y
May 2, 2026

We Built a Free TLS Scanner (And Why We're Giving It Away)

Scan any TLS endpoint for free — certificate details, chain validation, cipher suites, and trust status in seconds. Here's what it does, how it compares to alternatives, and why it's free.

product scanner tls open-source
April 19, 2026

Post-Quantum TLS Is Coming. Every Certificate You Own Will Be Reissued.

Two forces are converging on certificate management: shrinking lifetimes (47 days by 2029) and mandatory post-quantum migration (by 2035). Here's what that means and how to prepare.

post-quantum certificates PQC compliance NIST ML-DSA automation
April 1, 2026

Endpoint Monitoring: Know When Your TLS Is Broken Before Your Users Do

KrakenKey now monitors your TLS endpoints from multiple regions, catching misconfigurations, expiring certificates, and broken chains before they cause outages.

product monitoring tls endpoints
March 27, 2026

The 200-Day TLS Era Is Here — And It's Just the Beginning

CA/B Forum SC-081 is now in effect. TLS certificate lifetimes have dropped to 200 days, then 100, then 47. Here's what changed, why certbot isn't enough, and how KrakenKey keeps you ahead of it.

certificates compliance automation SC-081v3 lets-encrypt
March 25, 2026

Your AI Agent Can Manage Your TLS Certificates

KrakenKey ships agent-ready API and CLI tool definitions so AI coding agents can issue, renew, and manage TLS certificates autonomously.

ai agents automation certificates cli
March 18, 2026

Introducing KrakenKey: Automated TLS Certificate Management

KrakenKey automates TLS certificate issuance for developers. Privacy-first with client-side CSR generation, automated DNS-01 challenges, and certificates issued in ~4 minutes.

launch product certificates