What happens when digital security isn’t just about certificates anymore? For years, trust in the internet rested on small files installed quietly in the background, validating identities, encrypting traffic, and keeping users safe. But that model is now struggling to keep pace.
Shorter certificate lifespans, quantum computing, and pressure on security teams are making old workflows feel increasingly unreliable.
Techopedia sat down with Ashley Stevenson, VP of Product and Solution Marketing at DigiCert, to gain insight into how the concept of trust is evolving in the business technology sector.
We covered everything from the domain name system (DNS) and public key infrastructure (PKI) to automation, identity, and quantum risks. Our conversation revealed why security can’t remain a patchwork of spreadsheets, guesswork, and luck.
Key Takeaways
- DNS and PKI must converge to eliminate trust gaps in secure connections.
- Certificate renewal every 47 days makes manual processes unworkable.
- Quantum-safe algorithms demand preparation, crypto agility, and rapid deployment readiness.
- Passwordless identity is expanding the role of PKI across people, devices, and systems.
- Security teams can’t scale trust manually; they need automation and central visibility.
DNS, PKI & the Quiet Backbone of Every Connection
Ashley Stevenson began with a reminder that every online connection starts with something few people notice: DNS.
“Anytime anything that is networked wants to connect, it first has a very first stop to make, and that is DNS,” he said.
That step translates domain names into IP addresses. From there, PKI steps in to authenticate the connection and establish a secure session. These two technologies are often handled separately, but they’re linked at the root of digital trust.
Stevenson explained:
“Every secure connection starts with DNS resolving a domain and PKI establishing trust.
DigiCert1 combines the two. We’ve taken them to the next level of integration, where all of that comes together, and you don’t have to worry about the intricacies of needing to make manual updates to things like DNS records. We automate that piece of it to make sure that it’s secure.”
The risks are real. “If an attacker was able to change that record and put in their IP address instead of the real IP address… they could get you to enter your credentials, your financial information,” Stevenson admitted.
A 47-Day Expiration Cycle Is Coming
Certificate renewal used to be an annual task. That’s changing. Ashley said:
- Right now, a certificate and its validation are typically 398 days
- By March of next year, that’s reducing from 398 to 200
- And then by the time we get to March 2029, it’ll go from 200 to 47
That shift means IT teams will need to issue and install certificates almost every month and validate domain ownership even more often.
Stevenson said:
“You used to renew a certificate once a year. Now imagine doing that every 47 days, plus proving domain ownership every 10. That’s impossible to manage manually.”
To handle this level of complexity, DigiCert ONE introduces automation at every stage. “You create a central inventory, you’ve got your policies, you’ve established ownership, and then you mentioned automation,” he said. “That’s the piece where you have machines and automation doing things on your organization’s behalf.”
Some organizations are already treating upcoming expirations with urgency. “If a certificate is getting within 30 days of expiring, they automatically open up a SEV-1 ticket as if it were an outage,” Stevenson said.
Despite all the warnings, certificate outages continue. Ashley Stevenson shared recent examples:
“These outages are a big deal, and no one is immune. Recently, a Chromecast outage occurred due to an expired certificate. And even Elon Musk’s Starlink went down.”
“Caused by expired ground station cert. We’re scrubbing the system for other single-point vulnerabilities.”
— Elon Musk (@elonmusk), April 8, 2023
Even now, many teams still rely on disconnected processes. “Sometimes people track certificates in spreadsheets, and it gets to be more than manual processes can handle,” Stevenson said.
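An added example, not from the interview or from DigiCert: the 30-day SEV-1 rule applied to an inventory holding certificates with the 398-, 200- and 47-day lifetimes quoted above, showing how much of each lifetime falls inside a fixed alert window. The inventory, host names, dates and the proportional `renew_fraction` trigger are assumptions of this example.

```python
from datetime import date, timedelta

# Lifetimes quoted in the article (days).
LIFETIMES = (398, 200, 47)
SEV1_WINDOW = 30  # "within 30 days of expiring" rule from the article


def window_share(lifetime_days, window_days=SEV1_WINDOW):
    """Fraction of a certificate's life spent inside the alert window."""
    return min(window_days, lifetime_days) / lifetime_days


def assess(cert, today, window_days=SEV1_WINDOW, renew_fraction=1 / 3):
    """Classify one inventory record.

    renew_fraction is an assumption of this example: renewal is due once
    less than that share of the lifetime remains, so the trigger scales
    with the lifetime instead of being a fixed number of days.
    """
    lifetime = (cert["not_after"] - cert["not_before"]).days
    remaining = (cert["not_after"] - today).days
    if remaining < 0:
        status = "expired"
    elif remaining <= window_days:
        status = "sev1"
    else:
        status = "ok"
    return {
        "name": cert["name"],
        "lifetime": lifetime,
        "remaining": remaining,
        "status": status,
        "renew_due": remaining <= lifetime * renew_fraction,
    }


# Constructed inventory (hypothetical hosts, all issued on the same day).
ISSUED = date(2030, 1, 1)
INVENTORY = [
    {"name": f"svc-{days}.example.test", "not_before": ISSUED,
     "not_after": ISSUED + timedelta(days=days)}
    for days in LIFETIMES
]

if __name__ == "__main__":
    today = ISSUED + timedelta(days=20)
    for cert in INVENTORY:
        print(assess(cert, today))
    for days in LIFETIMES:
        print(days, f"{window_share(days):.0%} of lifetime inside the SEV-1 window")
```

Twenty days after issuance the 47-day certificate is already inside the fixed 30-day window, while the proportional trigger does not yet call for renewal.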
Preparing for Quantum Is No Longer Optional
Quantum computing once felt like a future challenge. That future is now being actively addressed. “Our platform is quantum-ready,” Ashley said. “We support these new quantum-safe, quantum-ready algorithms.” But those algorithms come with trade-offs. He said:
“A signature in a new quantum-safe algorithm is eight times larger than a signature of the current RSA algorithm.”
Planning for this requires not only awareness but also speed. “When the customer is ready, we’re ready with our platform to support the new quantum algorithms and to help them get into using them in their applications.”
That speed matters if something breaks. “There’s the known change, which is already a lot… and the unanticipated things that could cause you to have to replace everything. One of our customers had a large cyber attack, and they had to redeploy half a million certificates,” Stevenson said.
Identity Is Expanding & PKI Is At the Core
Ashley Stevenson made it clear that identity and PKI are becoming closely connected:
“There’s a definite connection between identity and what people would call traditional IAM and PKI. Those two things are tightly connected.”
The trend toward passwordless systems, such as passkeys and digital wallets, relies on public key infrastructure (PKI). “A passkey is the public-private key pair of PKI that goes in. If you think of those, USB YubiKey is also a public-private key pair,” Stevenson said.
PKI isn’t just for machines anymore. “IoT comes along… connected devices… need public-private key pairs and certificates. And then you get into humans,” he added.
In Europe, the move is already being formalized through regulation. “If you’re familiar with things like eIDAS 2 and the concept of having verifiable credentials that are in a wallet… those come from qualified certificates, and we support that as well,” he said.
Teams Are Under Pressure to Scale Without Growing
As digital systems expand, security teams often lack the necessary resources to keep pace.
Stevenson described one customer’s challenge:
“They probably four, five, six times the amount of PKI certificates they had to manage. And with our Trust Lifecycle Manager, they were able to automate to an extent where that same seven people could manage all that.”
Manual processes no longer scale. “Customers even will have these processes where they’re opening a JIRA or ServiceNow ticket between teams… to get something done,” he said.
By automating certificate operations, organizations can increase volume without increasing headcount. “That is what empowers teams to be able to handle more frequent changes,” Stevenson said.
One of the more practical warnings Ashley offered was about using the wrong type of certificate. If you pick the wrong one for your use case, the fix could be costly. He said:
“Some certificates are made for public trust, i.e., browsers… others are private PKI certificates. If you use the wrong certificate and you have to replace all those because the rules change, then that’s going to be more work.”
His advice? Get strategic: “Let us help you find the right certificate for the job.”
How Trust Is Managed Must Evolve
When asked how he sees the next few years unfolding, Ashley Stevenson didn’t speculate. He observed. The pace of change in PKI is accelerating, and in his words: “If you’re not ready to push a button and deploy new algorithms or certs tomorrow, you’re already behind.”
Organizations will need to stop treating trust as a collection of isolated tools. Stevenson said:
“Think about convergence and managing these things together and tackling them as a single problem instead of separate all over the place.”
This means not only aligning DNS and PKI but also rethinking how certificates are issued, validated, rotated, and retired. DigiCert ONE is already being used by companies facing these changes now.
The Bottom Line
For years, teams could get by with calendar reminders, spreadsheets, and scripts. But the combination of reduced certificate lifespans, identity sprawl, and quantum risk is pushing that model to its limit.
Ashley Stevenson said it plainly: “People can buy certificates and then forget about them.” The question for leaders isn’t whether trust is important. It’s whether their infrastructure is ready to keep pace. Automation, convergence, and preparation aren’t luxuries anymore. They’re part of how trust is built every day.
References
- 3301: How DigiCert Is Redefining Digital Trust (Podcasts Apple)