Full automation is powerful — but in the age of 47-day certificates, it can also be dangerous.
Tools like cert-manager and basic ACME clients make it incredibly easy to issue certificates. But that ease comes with risk. A single misconfigured policy or overly broad wildcard can expose your entire infrastructure.
We've seen production certificates issued for internal tools with 10-year validity, development domains accidentally pointed at production infrastructure, and certificates issued without any security review.
Mature security programs are now implementing tiered approval workflows:
CertForge was designed with human-in-the-loop governance as a core feature — not an afterthought. You get flexible approval workflows with Slack, Microsoft Teams, and Webex notifications, threaded comments, and automatic escalation.
The goal isn't to slow everything down — it's to add the right amount of control exactly where it matters.
In a world of dramatically shorter certificate lifetimes, speed matters — but blind automation is no longer acceptable. The winning teams will combine powerful automation with intelligent human oversight.