Terms and conditions

By using this service, you agree to these terms and conditions:

DATA COLLECTION: This service collects data about your activity as well as certificate and other checks it performs on your behalf. We do not collect any personal or other identifiable data beyond what is necessary for the provision of the described services.

USE OF EMAIL ADDRESS: The only personally identifiable information we collect and store is your email address. We only use it to send weekly certificate planning emails with occasional updates regarding our certificate services.

LIABILITY: You use our services at your own risk. Our services are provided on an 'as is' and 'as available' basis. We are not liable for damages, direct or consequential, resulting from any failure to provide service, suspension of service, or termination of service. We do not guaranty the availability of the services. You agree not to hold us responsible for data loss or interruption of service of any kind.

Welcome to KeyChest

KeyChest of Enigma Bridge is the tool you need to stay on top of all your certificates and your boss, if you have any. You can use KeyChest to plan your renewals, get your weekly inventory summary and present your certificate KPIs (key performance indicators) to your boss or your team.

We don’t mind if you use KeyChest for your web servers, email servers, web services, or to keep your infrastructure running.  We treat all certificates equal, whether you paid $500 for each, got them free from Let's Encrypt, or created them yourself.

When you create an account, you can quickly populate your dashboard using domain names with wildcards to search for server and print the first set of KPIs within minutes.


Spot check

  • expiration date / validity of a certificate on the server
  • certificate chain completeness
  • correct name in the certificate
  • SSL/TLS version - it should be TLS version 1.2
  • HTTP Strict Transport Security (HSTS) flag from web servers
  • time gaps in certificates over the last 2 years
  • certificate neighbors - other domain names in the server’s certificate

Dashboard (subject to change)

  • plan for next 28 days
  • monthly certificate renewal estimates for next 12 months
  • incidents - servers without a valid certificate
  • certificate inventory over the last 12 months
  • several certificate statistics (issuers, domains per certificate, legacy certificates)
  • weekly emails with important indicators and tasks for next 28 days
  • tbd

Road map milestones

  • Dashboard launched - 27 Jun 2017
  • Bulk import and auto discovery of sub-domains - 10 July 2017
  • Strategy for enterprise version published - 14 July 2017
  • RESTful API, integrations - ?? August 2017
  • Dashboard update according to feedback - ?? August 2017
  • Enterprise version - ?? September 2017

Letsencrypt users seem to like letsmonitor.org - here’s how we compare

The following table compares features of KeyChest with Letsmonitor.org.




Primary focus



rule-per-server views
all-in-one view

Adding new items

one server at a time
domains (with wildcards)


servers directly
CT logs (certificate transparency), and servers (optional)


weekly and on demand


certs - once before expiration
weekly - inventory and planner for all certs


150+ stations
centrally, 1+ instances, additional instances for availability

Security tests

  • certs expiry on selected servers
deployed, CT logs, cross-checking
  • expiry of deployed certs
  • all issued certs
  • difference between issued and effective certs

Will we ever charge you for this service?

Our plan is to keep this service free, including evolutionary features. We have some thoughts about subscriptions, but these will be only for substantial extensions of KeyChest, and customization of this service for on-premise monitoring of your internal infrastructure.

Enterprise version will evolve around features, which make sense for large companies: on-premise instances, user/role management, monitoring "sub-spaces", independent scanning agents, and security policies for internal certificates.

Get in touch if you want to chat. 

Feel free to email us at keychest@enigmabridge.com, if you have in mind particular details of a feature you’d like to see.

We are Enigma Bridge Ltd, 20 Bridge St, Cambridge, CB2 1UF, United Kingdom and we read keychest@enigmabridge.com
Terms of Service | Privacy Policy