Sectigo launches pkimetal to streamline certificate linting
Sectigo has unveiled pkimetal, an open-source project aimed at easing the implementation of pre-issuance certificate linting for Certification Authorities (CAs).
The initiative, spearheaded by Sectigo's Distinguished Engineer Rob Stradling, is designed to help CAs automatically detect and prevent common certificate issuance problems.
pkimetal, which stands for PKI Meta-Linter, offers a single integration solution for CAs. By simplifying the linting process, it aims to reduce the complexity and error potential associated with certificate issuance. According to Sectigo, this project automates compliance with industry standards and root program requirements.
Kevin Weiss, CEO of Sectigo, stated, "The launch of pkimetal represents a significant advancement in ensuring a clean and compliant WebPKI environment. This open-source initiative underscores our commitment to innovation and excellence in digital certificate management. We're particularly proud of Rob Stradling's dedication to fostering industry-wide collaboration, which will greatly benefit the entire WebPKI ecosystem."
The announcement follows a recent update to the CABForum TLS Baseline Requirements, which stipulates that CAs must implement a pre-issuance linting strategy. This strategy is expected to uphold compliance standards within the industry. Experts and administrators in root programs have already shown their support for pkimetal, emphasising its potential to streamline the linting process and improve the overall quality of issued certificates.
Stradling highlighted the challenges that come with integrating existing linting tools. "The WebPKI community has identified pre-issuance linting as a lead tool in combatting certificate mis-issuance, and useful linting tools are available for CAs to use for exactly that purpose," he said. "However, integrating these tools is rather difficult and that can be a barrier to adoption. pkimetal provides a straightforward way for CAs to adopt and stay current on multiple linting tools to prevent a whole category of compliance errors."
He added, "It's exciting to be working at a CA with the culture of excellence and innovation that allows investment in initiatives like pkimetal and crt.sh."
For those interested, further details including API documentation and instructions on how to deploy pkimetal can be found on the open-source project website. Additionally, Sectigo is offering a public instance for users to try out the new tool themselves.
Sectigo is a provider of comprehensive certificate lifecycle management (CLM), with automated solutions and digital certificates that secure every human and machine identity. Its automated, cloud-native, universal CLM platform issues and manages digital certificates provided by all trusted certificate authorities (CAs) to simplify and improve security protocols across the enterprise.