Sectigo launches pkimetal to simplify certificate linting for certificate authorities

pkimetal, short for PKI Meta-Linter, has been developed by Sectigo's Distinguished Engineer, Rob Stradling, creator of the widely acclaimed certificate transparency log monitoring tool crt.sh.

Released as open source, pkimetal significantly simplifies the implementation of performant and scalable linting for CAs via a single integration. pkimetal automates the detection and prevention of common certificate issuance problems, greatly assisting CAs in their efforts to maintain compliance with industry standards and root program requirements.

“The launch of pkimetal represents a significant advancement in ensuring a clean and compliant WebPKI environment,” said Kevin Weiss, CEO at Sectigo. “This open-source initiative underscores our commitment to innovation and excellence in digital certificate management. We're particularly proud of Rob Stradling's dedication to fostering industry-wide collaboration, which will greatly benefit the entire WebPKI ecosystem.”

The release comes hot on the heels of a recent update to the CA/Browser Forum TLS Baseline Requirements that requires CAs to implement a pre-issuance linting strategy that establishes minimum expectations in order to uphold reasonable compliance. Industry experts and root program administrators have already expressed their enthusiasm for pkimetal, highlighting its potential to streamline certificate linting processes and enhance the overall quality of issued certificates.

“The WebPKI community has identified pre-issuance linting as a lead tool in combatting certificate mis-issuance, and useful linting tools are available for CAs to use for exactly that purpose,” said Stradling. “However, integrating these tools is rather difficult and that can be a barrier to adoption. pkimetal provides a straightforward way for CAs to adopt and stay current on multiple linting tools to prevent a whole category of compliance errors.”

Stradling went on to say, “It’s exciting to be working at a CA with the culture of excellence and innovation that allows investment in initiatives like pkimetal and crt.sh.”

For more information, including API documentation and instructions on how to deploy your own instance of pkimetal, visit the open-source project website at https://github.com/pkimetal/pkimetal. To try out pkimetal for yourself, visit the public instance at https://pkimet.al/.

To learn more, listen to our latest podcast, Root Causes ep.417: Introducing pkimetal the PKI Meta-linter.

About Sectigo
Sectigo is the industry’s most innovative provider of comprehensive certificate lifecycle management (CLM), with automated solutions and digital certificates that secure every human and machine identity for the world’s largest brands. Its automated, cloud-native, universal CLM platform issues and manages digital certificates provided by all trusted certificate authorities (CAs) to simplify and improve security protocols across the enterprise. Sectigo is one of the longest-standing and largest CAs with more than 700,000 customers and two decades of delivering unparalleled digital trust. For more information, visit www.sectigo.com, follow us on LinkedIn, and subscribe to our Webby award-winning podcast, Root Causes.

Media Contact
[email protected]