Certificates break.
Audits don't wait.
FixMyCert is the PKI operations toolkit — interactive diagnostics, battle-tested runbooks, and audit-ready compliance kits, built from real enterprise PKI practice.
Walk into your audit with the paperwork already done.
Templates and working documents that normally take a PKI program weeks to produce — written by engineers who have sat on both sides of the audit table.

Mass Revocation Response Plan Kit
Response plan + annual tabletop exercise for CA mass revocation events.
47-Day Readiness Kit
Scored 82-point audit, exec briefing deck, vendor matrix, and DCV migration plan. Answer "are we ready?" with a number.
PCI DSS 4.0 Audit Prep Kit
Evidence workbook, crypto inventory, QSA interview prep, 30-day plan. Walk into the assessment prepared.
Compliance-in-a-Box
CP/CPS templates, key ceremony script, naming convention guide, and the supporting documents auditors actually ask for. Updated as CA/Browser Forum requirements change.
Compliance Command Center
All four kits in one purchase — Mass Revocation Response Plan Kit, 47-Day Readiness Kit, PCI DSS 4.0 Audit Prep Kit, and Compliance-in-a-Box.
Lifetime access to all future updates · Single-organization license
One-time purchase · Instant download · Kept current by our compliance monitoring engine
PKI Consortium member·50+ interactive demos·140+ engineering guides·14 operational runbooks·Compliance Hub tracking live CA/B Forum deadlines
Start where the problem is.
SSL Diagnostic Troubleshooter
Step through the most common cert failures and get to root cause in minutes
SSL Checker
Inspect live certificate details, chain, and expiry for any hostname
CSR Checker
Validate a certificate signing request before you submit it to the CA
Compliance Hub
Track deadlines, validity changes, and CA/B Forum requirements in real time
The 47-day countdown is real. Know where you stand.
Get the 47-Day Readiness Audit checklist (free) plus deadline alerts when CA/B Forum requirements actually change — from the same monitoring engine that keeps our kits current. No filler, no fearmongering.
See it work before you run it in production.

SSL/TLS Diagnostic Troubleshooter
Diagnose SSL/TLS connection problems systematically. Interactive troubleshooter for common issues.
Try it
TLS Handshake Step-by-Step
Step through the TLS 1.2 and 1.3 handshake message by message. See ClientHello, ServerHello, and more.
Try it
Certificate Lifecycle Management
Walk through the complete certificate lifecycle from key generation to CSR, issuance, deployment, monitoring, and renewal.
Try itGuides engineers actually finish.

The 47-Day Certificate Timeline
Complete timeline of CA/Browser Forum Ballot SC-081v3 reducing TLS certificate validity from 398 to 47 days by 2029. Live countdowns, phase breakdowns, and action items.

How to Install OpenSSL
Install OpenSSL on Windows, Mac, and Linux. Step-by-step with PATH configuration and verification.

TLS 1.2 vs 1.3
Compare TLS versions side-by-side. See why TLS 1.3 is faster and more secure.
Built and maintained by practicing enterprise PKI engineers. Affiliate picks we actually recommend: Practical TLS (Ed Harmoush) · ZeroSSL.