Sectigo and WebPKI Solutions are excited to introduce pkimetal, an innovative project aimed at transforming how Certification Authorities (CAs) deploy certificate linting.
pkimetal, short for PKI Meta-Linter, has been developed by Sectigo’s Distinguished Engineer, Rob Stradling, creator of the widely acclaimed certificate transparency log monitoring tool crt.sh.
Released as open source, pkimetal significantly simplifies the implementation of performant and scalable linting for CAs via a single integration. pkimetal automates the detection and prevention of common certificate issuance problems, greatly assisting CAs in their efforts to maintain compliance with industry standards and root program requirements.
“The launch of pkimetal represents a significant advancement in ensuring a clean and compliant WebPKI environment,” said Kevin Weiss, CEO at Sectigo. “This open-source initiative underscores our commitment to innovation and excellence in digital certificate management. We’re particularly proud of Rob Stradling’s dedication to fostering industry-wide collaboration, which will greatly benefit the entire WebPKI ecosystem.”
The release comes hot on the heels of a recent update to the CA/Browser Forum TLS Baseline Requirements that requires CAs to implement a pre-issuance linting strategy that establishes minimum expectations in order to uphold reasonable compliance. Industry experts and root program administrators have already expressed their enthusiasm for pkimetal, highlighting its potential to streamline certificate linting processes and enhance the overall quality of issued certificates.
“The WebPKI community has identified pre-issuance linting as a lead tool in combatting certificate mis-issuance, and useful linting tools are available for CAs to use for exactly that purpose,” said Stradling. “However, integrating these tools is rather difficult and that can be a barrier to adoption. pkimetal provides a straightforward way for CAs to adopt and stay current on multiple linting tools to prevent a whole category of compliance errors.”
Stradling went on to say, “It’s exciting to be working at a CA with the culture of excellence and innovation that allows investment in initiatives like pkimetal and crt.sh.”
For more information, including API documentation and instructions on how to deploy your own instance of pkimetal, visit the open-source project website at https://github.com/pkimetal/pkimetal. To try out pkimetal for yourself, visit the public instance at the website here.
Related News:
Security Concerns Shaping the Way Organizations Approach DevOps