Trust architecture, certificate lifecycle, and machine identity
47-Day Certificates: What Actually Changes and What to Do About It
The industry says automate faster. We think you're automating the wrong thing.
April 12, 2026 · [cyphrs] Team · 14 min read
TLS certificate lifetimes drop to 47 days by 2029 under SC-081. Most guides tell you to automate renewals. Here's why the real fix is rethinking which certificates need to be public at all – and a practical playbook for the transition.
Read article →More articles
Google Just Declared X.509 Isn't Enough for the Quantum Age
April 12, 2026 · 12 min read
Chrome won't put post-quantum signatures into X.509. Merkle Tree Certificates are coming for the public web. Private infrastructure doesn't need to wait.
TLS Client Authentication Ends June 2026
April 13, 2026 · 11 min read
Chrome's dual-use ban takes effect June 15. If your mTLS depends on public certificates, you have 63 days to migrate to private trust.
Quantum Computers Are Not a Future Problem
April 12, 2026 · 16 min read
NIST standards are finalised, Google is abandoning X.509 for public PQC, and adversaries are harvesting traffic. The gap is not in the cryptography – it's in the infrastructure.
The October 2026 Certificate Cliff Is Real
March 31, 2026 · 10 min read
The first wave of 200-day TLS certificates expires around October 1, 2026. Organizations that didn't automate or rethink their trust architecture will feel it.
Why Identity Belongs at the Network Layer
March 31, 2026 · 11 min read
Most systems accept connections first and verify identity later. mTLS flips that model, enforcing identity at the network layer before a single byte of data is exchanged.
Why You Can't Buy a Client Certificate from a Public CA Anymore
March 30, 2026 · 9 min read
Public CAs are permanently exiting client authentication. The Chrome Root Program forced a structural split between server and client trust.
The Hidden Risk of Simplification
March 30, 2026 · 10 min read
Wildcard certificates feel like operational efficiency. But that simplicity hides a dangerous truth: shared identity is not efficiency - it's risk concentration.
The Great Trust Bifurcation
March 24, 2026 · 12 min read
The management of SSL/TLS certificates is undergoing a fundamental transformation. A strategic framework for separating public and private trust.
Stop Managing Certificates. Start Owning Trust.
March 24, 2026 · 8 min read
Certificate management is becoming a full-time job. The problem isn't automation - it's the trust model.
The Certificate Automation Trap
March 24, 2026 · 9 min read
Automation solves the renewal problem. But if you're automating public certificates for internal services, you're solving the wrong problem faster.
Nobody Knows What Certificates They Have
March 24, 2026 · 8 min read
Most organizations undercount their certificates by 30–50%. You can't manage what you can't see.
AI Agents Need Certificates
March 24, 2026 · 8 min read
Every AI agent that calls an API, accesses a database, or talks to another agent needs a cryptographic identity. Certificates are how you give them one.
If Every AI Agent Needs a Certificate
March 24, 2026 · 9 min read
What happens when you scale agent identity from dozens to millions? The certificate infrastructure most organisations rely on wasn't built for this.
ADCS Autoenrollment's Silent Failures
March 24, 2026 · 9 min read
Microsoft's ADCS autoenrollment looks like automation. But when it fails, it fails silently – and most organisations don't find out until something breaks.
The DoD Can't Keep Its Certificates Current
March 24, 2026 · 10 min read
If the Department of Defense can't manage certificate lifecycles at scale, what chance does your organisation have with manual processes?
The Mongoose mTLS Bypass Proves What We've Been Saying
March 24, 2026 · 8 min read
A critical vulnerability in Mongoose's mTLS implementation shows what happens when certificate validation is treated as optional.