About FixMyCert

Why This Exists

PKI shouldn't be this confusing.

Certificate management sounds simple until you're staring at a failed deployment at 2 AM, wondering why the chain isn't validating. Or explaining to a security auditor why that wildcard cert is actually a risk. Or trying to figure out why Venafi isn't provisioning to your F5.

The resources that exist are either:

  • Too theoretical — Academic explanations that don't help when something's broken
  • Too vendor-specific — Marketing disguised as documentation
  • Too basic — "What is SSL?" doesn't help someone debugging mTLS
  • Behind paywalls — Email gates, "contact sales," premium tiers

FixMyCert exists because I kept building the same internal documentation at every job. The same troubleshooting guides. The same "here's how this actually works" explanations for teammates.

This site is what I wish existed when I started.

What You'll Find Here

Interactive Demos (50+)

Step-through visualizations that show how PKI concepts actually work. Not videos you passively watch — interactive tools where you control the pace and explore the details.

Topics include: Encryption fundamentals, TLS handshake flow, certificate anatomy, cipher suite decoding, revocation mechanisms (CRL vs OCSP vs stapling), file format conversions

Technical Guides (100+)

Practical, in-depth documentation organized by what you're trying to accomplish.

Platform-specific:

  • • F5 BIG-IP — SSL profiles, SNI, troubleshooting
  • • Microsoft ADCS — Templates, NDES, ESC attacks
  • • Venafi — Discovery, agent vs agentless
  • • OpenSSL — Key generation, chain verification
  • • Web Servers — nginx, Apache, HAProxy, Traefik
  • • Kubernetes — cert-manager setup

Conceptual:

  • • Certificate lifecycle management
  • • DV/OV/EV validation differences
  • • Wildcard certificate risks
  • • Certificate transparency
  • • Post-quantum cryptography
  • • SSH certificates

Troubleshooting & Tools

Real error messages. Actual solutions. The stuff you Google at 2 AM.

Troubleshooting (15+):

  • • SSL diagnostic troubleshooter
  • • Certificate error decoder
  • • Name mismatch resolution
  • • Chain validation failures
  • • Python/Git/Java SSL errors

Tools (5):

  • • CSR Checker
  • • SSL/TLS Configuration Checker
  • • Certificate Decoder
  • • Naming Convention Generator
  • • Certificate Inventory Template

Checklists, Compliance & News

Copy-paste procedures and compliance tracking for when things go wrong (or need to go right).

Runbooks (10):

  • • Certificate renewal
  • • Emergency replacement
  • • Key compromise response
  • • CA migration

Compliance Hub:

  • • CA/Browser Forum deadlines
  • • Algorithm deprecation
  • • Browser root changes
  • • Countdown timers

PKI News:

  • • 11 curated sources
  • • Browser vendors
  • • Certificate authorities
  • • Updated daily

The Approach

Every piece of content follows three principles:

Visual First

Cryptography is abstract. Seeing key exchange happen, watching a TLS handshake unfold, or clicking through a certificate's anatomy makes concepts stick in ways that reading RFCs never will.

Practical Focus

Real error messages. Actual commands. The things you'll encounter on the job, not just exam prep. Every guide answers "when would I actually use this?"

No Paywalls

No email gates. No "sign up for the full version." No tracking you across the internet. Just learn.

Who This Is For

Primary audience:

  • DevOps and SRE teams managing certificates at scale
  • Security engineers implementing PKI policies
  • Network engineers configuring SSL on load balancers and proxies
  • IT professionals handling certificate requests and renewals
  • Developers debugging SSL/TLS issues in applications

You'll get the most value if you:

  • Already know certificates exist (this isn't "what is HTTPS")
  • Need to actually implement or troubleshoot something
  • Want vendor-neutral guidance, not a sales pitch
  • Appreciate seeing how things work, not just what buttons to click

What Makes This Different

Vendor-Neutral

I've implemented solutions with Venafi, DigiCert, Sectigo, Microsoft ADCS, Let's Encrypt, and internal CAs. Every platform has tradeoffs. This site explains those tradeoffs honestly.

Operationally Focused

This content comes from implementing certificate management at banks, enterprises, and government agencies — environments where "it works on my machine" isn't acceptable.

Actively Maintained

PKI isn't static. Browser requirements change. Algorithms get deprecated. This site tracks those changes and updates guides when the landscape shifts.

Actually Free

No premium tier. No gated content. Frustrated engineers shouldn't have to expense a subscription to fix a broken certificate chain.

Who Built This

I'm Patrick, a PKI engineer who's spent too many late nights troubleshooting certificate chains, explaining the difference between PEM and PFX, and watching perfectly good deployments break because someone forgot to include the intermediate CA.

I've implemented certificate lifecycle management solutions at major financial institutions, worked with enterprise PKI platforms, and helped organizations prepare for compliance deadlines they didn't know existed.

FixMyCert started as a single interactive demo in late 2025. It's now grown to over 197 pieces of content — demos, guides, checklists, tools — with more added regularly.

Quick Stats

52
Interactive Demos
127
Technical Guides
13
Checklists
5
Tools

Get In Touch

Questions, corrections, or suggestions: patrick@fixmycert.comLinkedIn: FixMyCertFollow updates: @fixmycert on X/Twitter

FixMyCert.com — Interactive PKI education for engineers. Demystifying certificates, TLS, and cryptographic trust since 2025.