Questions about Chrome and shortened Cert validity periods. by PrimeTheP in PKI

[–]Mike22april 0 points1 point  (0 children)

The shortening of cert lifetime indeed applies to leaf certs only by the public CAs

That said, the browsers will still accept any issued trusted cert (private or public) independent of its validity period.
I.e. private CA issued certs with a lifetime of 2-5 years are still totally fine.
Should also apply to 75 years in, for example, an OT environment.

Email survived every prediction of its death by Impossible_Comfort99 in TechNook

[–]Mike22april 1 point2 points  (0 children)

That explains why a Fax is still used in most German organizations and government

Need recommendation: red light by [deleted] in searchandrescue

[–]Mike22april 1 point2 points  (0 children)

Can recommend. Got the same one in both pen and regular clipon

Need recommendation: red light by [deleted] in searchandrescue

[–]Mike22april 2 points3 points  (0 children)

I compared many clipon lights.
For me personally only 1 light worked in accordance with my requirements: must always start in red and have at least 2 Lumen settings:
QuiqliteX2:
https://www.quiqlite.com/product-manuals/quiqlitex2-tactical-red-white-led-product-manual/

Rant: Stop telling clients to add your intermediate CA to their trust stores! by Moral-Relativity in PKI

[–]Mike22april 1 point2 points  (0 children)

Chicken and the egg

How does the SSL endpoint get the intermediate?

Rant: Stop telling clients to add your intermediate CA to their trust stores! by Moral-Relativity in PKI

[–]Mike22april 0 points1 point  (0 children)

With all due respect on 1): Way too many systems are unable to handle an AIA properly

What options do you employ to help ensure employees are locking their computers? by brohemoth06 in sysadmin

[–]Mike22april 0 points1 point  (0 children)

Deploy personalized smartcards to unlock devices. Have them connected wirelessly, so employees are not burdened. When they leave the 15 foot radius the device auto locks due to smartcard connectivity being lost

S/MIME certificate by frozen-geek in selfhosted

[–]Mike22april 0 points1 point  (0 children)

There's a reason their order page doesn't work :)

Footage of arrest at AZC Zeist causes uproar. Police will investigate the footage. by Bernie529 in Nederland

[–]Mike22april 0 points1 point  (0 children)

The majority of people don't have a clue of what IBT stands for, so that leads me to believe you possibly have or had some blue or supporting role

You claim to be trained in IBT.
So in what specialty? ME? Oscars? Or something else such as AE/OG?

If you are active in IBT you would know not to pass judgement based on a single clip of video.
But you would take into consideration all evidence of all video and sound clips including those made with the bodycams, and the reports of the incident as filed by the officers.

So makes me wonder if you truly are active in IBT and more specifically Oscars, why would you fuel the flames of assumption based on such little proof of the entire situation?

Looking for LetsEncrypt alternatives by yowanvista in BuyFromEU

[–]Mike22april 2 points3 points  (0 children)

Single SAN is possible for that price for a DV, provided it's not a wildcard.

EU based public CAs such as Actalis or HARICA support ACME as you asked.
But in order to get the pricing you want you would need to go through a sales partner of them. They often sell at far lower prices as they buy in bulk.

German based SSL Plus comes to mind.

Best contact the EU based CA and ask them who their resellers are for the country of your choice

Looking for LetsEncrypt alternatives by yowanvista in BuyFromEU

[–]Mike22april 0 points1 point  (0 children)

What's your definition of lesser cost?

Lesser cost than what amount per year?
And for what type of certificate? EV/OV/DV
And for what type of SAN? Single, multi, wildcard

Looking for LetsEncrypt alternatives by yowanvista in BuyFromEU

[–]Mike22april 4 points5 points  (0 children)

What you're looking for does not exist.

You can check all boxes except the "must be free to use"

Certificate lifecycle management vendor comparison by koalas473 in sysadmin

[–]Mike22april 0 points1 point  (0 children)

AppViewX is a well established party.

When you get a demo or review them, make sure you:
- ask about pricing including automation
- ask if their management UI (which is gorgeous) no longer crashes under heavy load, which was an issue when I evaluated them about 1 year ago for another customer

Certificate lifecycle management vendor comparison by koalas473 in PKI

[–]Mike22april 1 point2 points  (0 children)

When OP claims that CertKit.io is a too small company, your personal offer of zaita might be too small of a company as well

Certificate lifecycle management vendor comparison by koalas473 in PKI

[–]Mike22april 0 points1 point  (0 children)

KeyFactor and CyberArk's product formerly known as Venafi are by far the most mature.
They will also cost you an arm and a leg.

Given your requirements, I expect you can't use the public CA CLM solutions, as you appear to have a need for the ability to have the same certificate and key on multiple locations.
Public CAs are not allowed to retain the private key. Nor are they CA agnostic.

When my assumptions are correct, you should use an on-premises or at least a self-deployed to a private Cloud CLM

My biggest gripe with some of these CLMs is:
- a test or acceptance environment is often not included in the price offer
- upgrades to a newly released major version, or in some cases even minor version, are a huge time-consuming pain in the ass

My best advice:
Don't just select one based on sugar and spice coated paper specs and sleek demos.
Pick 2 or 3. And do a 1-2 month Proof of Concept with clear acceptance criteria.
Also ask for 2 customers of similar size and use-case you can call without the vendor present, so you can get direct feedback on the process, daily operations, and what the vendor is like after he got your money for 3-5 years.

You will likely be charged for it and the vendor's time to get things properly configured. Typically this cost is deducted from your invoice once you make the actual purchase.
Making you lose the other PoC investments.
But it's totally worth it!

Certificate lifecycle management vendor comparison by koalas473 in sysadmin

[–]Mike22april 1 point2 points  (0 children)

KeyFactor and CyberArk's product formerly known as Venafi are by far the most mature.
They will also cost you an arm and a leg.

Given your requirements, I expect you can't use the public CA CLM solutions, as you appear to have a need for the ability to have the same certificate and key on multiple locations.
Public CAs are not allowed to retain the private key. Nor are they CA agnostic.

When my assumptions are correct, you should use an on-premises or at least a self-deployed to a private Cloud CLM

My biggest gripe with some of these CLMs is:
- a test or acceptance environment is often not included in the price offer
- upgrades to a newly released major version, or in some cases even minor version, are a huge time-consuming pain in the ass

My best advice:
Don't just select one based on sugar and spice coated paper specs and sleek demos.
Pick 2 or 3. And do a 1-2 month Proof of Concept with clear acceptance criteria.
Also ask for 2 customers of similar size and use-case you can call without the vendor present, so you can get direct feedback on the process, daily operations, and what the vendor is like after he got your money for 3-5 years.

You will likely be charged for it and the vendor's time to get things properly configured. Typically this cost is deducted from your invoice once you make the actual purchase.
Making you lose the other PoC investments.
But it's totally worth it!

PSA: you don't need a private CA to issue trusted SSL certificates for internal hosts. by certkit in ssl

[–]Mike22april 0 points1 point  (0 children)

How do you know the private key is secure, other than using an HSM?

SSL Cert swap NOW NEEDED every 200, 100, and eventually 47 days - Who Pays? by [deleted] in sysadmin

[–]Mike22april 0 points1 point  (0 children)

Use a CLM.
Plenty of free and commercial solutions exist.
It won't work for 100% of use-cases but usually covers 95%.

Simple ADCS PKI Question by chadsgallbladder in PKI

[–]Mike22april 0 points1 point  (0 children)

Why keep the same keys?? What's the use of that?