Track and plan for 100% HTTPS uptime


Welcome to KeyChest

KeyChest is the tool you need to stay on top of all your certificates and to keep your boss happy. You can use KeyChest to plan your renewals, get your weekly inventory summary and present your cert KPIs (key performance indicators) to your boss or your team.

We don’t mind if you use them for your web servers, email servers, on-premise web services, or to protect your infrastructure.  We treat all certs equal, whether you paid $500 for each, got them free from LetsEncrypt, or created them yourself.

Note: We treat the name you enter as a server, rather than a "domain name". This is particularly important when testing web servers, as we don't follow re-directs. However, if we detect an active re-direct, you will be given an option to check it.

When you create an account, you can quickly populate your dashboard using domain names with wildcards to search for server and print the first set of KPIs within minutes.


Spot check

  • expiration date / validity of a certificate on the server
  • certificate chain completeness
  • correct name in the certificate
  • SSL/TLS version - it should be TLS version 1.2
  • HTTP Strict Transport Security (HSTS) flag from web servers
  • time gaps in certificates over the last 2 years
  • certificate neighbors - other domain names in the server’s certificate

Accounts (still subject to changes)

  • plan for next 28 days
  • monthly certificate renewal estimates for next 12 months
  • incidents - servers without a valid certificate
  • certificate inventory over the last 12 months
  • several certificate statistics (issuers, domains per certificate, legacy certificates)
  • weekly emails with important indicators and tasks for next 28 days
  • tbd

Letsencrypt users seem to like - here’s how we compare

The following table compares features of KeyChest with


Primary focus



rule-per-server views
all-in-one view

Adding new items

one server at a time
domains (with wildcards)


servers directly
CT logs (certificate transparency), and servers (optional)


weekly and on demand


certs - once before expiration
weekly - inventory and planner for all certs


150+ stations
centrally, 1+ instances, additional instances for availability

Security tests

  • certs expiry on selected servers
deployed, CT logs, cross-checking
  • expiry of deployed certs
  • all issued certs
  • difference between issued and effective certs

Will we ever charge you for this service?

Our plan is to keep this service free, including evolutionary features. We have some thoughts about subscriptions, but these will be only for substantial extensions of KeyChest, and customization of this service for on-premise monitoring of your internal infrastructure. Get in touch if you want to chat. 

Feel free to email us at, if you have in mind particular details of a feature you’d like to see.

We are Enigma Bridge Ltd, 20 Bridge St, Cambridge, CB2 1UF, United Kingdom and we read
Terms of Service | Privacy Policy