Safer Internet Day highlights the importance of trust online. Learn the website security checks businesses should prioritize in 2026 to protect users and brands.
Driving the future of PKI
Standards leadership, open-source tooling, and operational stewardship for the WebPKI.
Sectigo is not just part of the PKI conversation. We help lead it. Through standards leadership, open-source tools, and trusted infrastructure the WebPKI relies on, we help make the internet safer and more reliable.
What we contribute
Sectigo contributes to the WebPKI through standards leadership, open-source software development, and the operation of trusted PKI infrastructure.
Standards & industry participation
Sectigo helps define the rules that underpin PKI, holding record leadership roles in the CA/Browser Forum and senior positions across global standards bodies.
Open-source contributions
Sectigo is the leader in building and maintaining tools the WebPKI depends on, including crt.sh, pkimetal, ctlint, and Open MPIC. These open-source projects strengthen the webPKI for everyone.
TIE leadership
At Sectigo, trust is operationalized through Technical, Intellectual, and Ethical leadership at every stage of operations.
TIE leadership
Technical, intellectual, and ethical controls for PKI operations
Sectigo’s TIE framework, spanning Technical, Intellectual, and Ethical leadership, shapes how we design, test, and run our certificate infrastructure. Every control, review, and safeguard is built to prevent the operational and compliance failures that have challenged other CAs, while keeping our practices transparent and aligned with the broader internet community.
Technical leadership
Engineering trust through disciplined, standards‑driven operations
Sectigo operates critical public trust infrastructure with a focus on reliability, transparency, and operational rigor. Our technical leadership spans day-to-day PKI operations, formal compliance frameworks, active standards participation, and open-source contributions that support the broader WebPKI ecosystem.
Open‑source contributions
Sectigo is a major contributor to the open‑source technologies the WebPKI depends on. Our work supports certificate authorities (CAs), browser vendors, researchers, and security teams, ensuring transparency, preventing mis-issuance, and keeping the web secure.
Ecosystem‑critical projects include:
crt.sh
Sectigo operates and maintains the industry standard Certificate Transparency log search and reporting tool, relied on by CCADB¹ and major browsers.
¹CCADB is the consortium of browsers enforcing CABF Baseline Requirements, including Chrome, Apple, Mozilla, Microsoft, and Opera.
pkimetal
Sectigo created, maintains, and hosts pkimetal, a PKI meta-linter that brings consistency to pre-issuance linting across public CAs.
Open MPIC
Sectigo is the primary contributor and owner of the Open MPIC (Multi‑Perspective Issuance Corroboration) project, enabling CA compliance with MPIC requirements.
Certificate Transparency Logs
Sectigo operates two public CT logs, relied upon industry-wide for transparency and auditing.
PostgreSQL for CT logs
Sectigo added PostgreSQL support to Trillian, the CT logging open-source project, to increase CT ecosystem resilience.
certlint and ctlint
Sectigo created ctlint and is the owner of both ctlint and certlint, two important linting tools used throughout the industry.
CA cross-signing
Sectigo supports CA cross-signing to help maintain compatibility across trust environments and ensure smooth certificate chain validation.
certbot
Sectigo contributes to the industry’s most popular ACME automation client.
Weak Debian key detection
Extensive open‑source code was created by Sectigo to detect weak Debian keys and prevent their use in public certificates.
CA/Browser Forum (CA/BF) support
Sectigo maintains critical CA/BF resources, including mailing lists, wiki, and websites to keep the industry aligned and informed.
Sectigo’s proven trust by the numbers
95% +
Self-reported incidents: More than 95% of incidents are self‑reported proactively by Sectigo.
0
Delayed revocations: Sectigo does not deliberately delay revocation and has had no delayed revocations since February 2023.
≤ 7 days
Response time: All questions and public comments posted on Bugzilla receive a response within seven days or less.
5
Leadership seats in the CA/Browser Forum: A record-setting level of influence, including a Vice Chair role, shaping policy, ballots, and working group direction.
Intellectual leadership
Advancing PKI knowledge through research, standards, and ecosystem expertise.
Sectigo helps shape the future of PKI through standards leadership, industry engagement, and education. From global policy forums to award-winning media and post-quantum research, our contributions inform how trust evolves across the ecosystem.
Industry forums & events
Active participation at industry forums including RSAC, Gartner, ENISA, ETSI, PQC events, and CA/BF in-person meetings.
Research & thought leadership
Ongoing publication of webinars, whitepapers, blogs, and operational guidance advancing PKI best practices across the community.
Root Causes podcast
Webby Award Honoree podcast with more than 600 episodes and over 600K listeners.
Sectigo Quantum Labs
Industry-first microsite dedicated to post-quantum cryptography education and sandbox certificate testing.
Ethical leadership
Strict adherence to CA/BF Baseline Requirements, root programs, ETSI standards, WebTrust compliance, and global regulations.
Proactive incident disclosure through Bugzilla, including self-reporting, thorough root cause analysis, and timely remediation.
Continuous monitoring of industry CA incidents, with internal reviews to prevent repeat ecosystem failures.
Commitment to fair, lawful, and equitable treatment of employees, contractors, and ecosystem partners worldwide.
Promoting the fundamental truth that all CAs and TSPs, as stewards of public trust, need to hold themselves to a higher standard than minimal compliance.
Promotion of the idea of ethical CA behavior through industry standards bodies, press articles, speaking opportunities, and more.
Explore our latest insights
Root Causes PodcastRoot Causes 582: New Research Drastically Cuts Number of Qubits for Cryptographic Relevance
New research indicates that the number of qubits necessary to achieve cryptographic relevance has reduced by two orders of magnitude. We cover this breaking news and its implications.
Discover how Common Mark Certificates enable you to display your brand logo in email inboxes with no trademark required. Boost trust with CMCs and BIMI.
By CABF ballot all manual methods of Domain Control Validation (DCV) will be deprecated by 2028. We explain which methods are due for deprecation and when.
Sectigo BlogWhen Digital Trust Breaks: How Shrinking Certificate Lifespans Expose Hidden Security Debt
Shrinking certificate lifespans expose hidden security debt, forcing organizations to automate digital trust or face outages and business risk.
A CBOM gives enterprises visibility into cryptographic assets, improving governance, risk management, and readiness for post-quantum security.
We go over the qualities in abstract of a use case that strongly invites the use of hybrid certificates and then run down a list of specific use cases that meet these criteria. This includes OT systems, code signing, secure boot, WiFi, enterprise S/MIME, and more.
BIMI boosts inbox security and brand trust by displaying verified logos on authenticated emails using DMARC and mark certificates.
In this episode Jason declares that we must make cryptography boring again. We get into what that means and why it matters.
Item 1 of 9
Advance trust together
Explore ways to contribute, stay informed, and collaborate with Sectigo to strengthen the global trust ecosystem.
Stay informed
Follow Sectigo webinars, blogs, whitepapers, and award-winning podcasts to stay ahead in PKI and security best practices.
