Real-time revocation. Real Zero Trust.

We provide fast, auditable certificate revocation so your infrastructure makes the right security decision every time.

Sub-ms responses

HSM-backed signing

LDAP / AD ready

Revocation Pipeline

Live

Ingest

CA / LDAP

Sign

HSM / Pre-sign

Serve

OCSP / CRLite

status( serial: 0x9f2c… ) good

thisUpdate: now()

nextUpdate: +4h

The problem

CRLs are heavy. Enterprises need reliable revocation that scales.

❌ Slow: multi-MB CRLs and blocking checks increase latency.

❌ Fragile: outages and stale caches undermine Zero Trust.

What you get

Revocation-as-a-Service that's fast and enterprise-ready.

Latency

Sub-millisecond answers

Security

HSM-backed signing keys

Integration

LDAP / AD sync

Deploy

Serverless on AWS/private cloud

Use cases

Enterprise PKI

Enforce revocation across VPN, Wi-Fi, device certs, and internal services.

API Ecosystems

Validate client certificates at scale with near-zero latency for secure API access across your platform.

Regulated industries

Meet compliance in finance, healthcare, and government with auditable revocation.

How it works

1. Ingest

CA / LDAP / CRLs

Pull revocations from CA databases, delta CRLs, or directory attributes.

2. Sign

HSM or pre-signed cache

On-demand with nonces, or pre-sign for blazing performance.

3. Serve

OCSP / CRLite outputs

Return RFC-compliant OCSP or compressed revocation sets.

About us

We're security engineers building reliable, scalable revocation for real-world systems. Our team blends PKI expertise with distributed systems engineering to deliver trust that keeps up with your business.

Talk to us

Tell us about your PKI and we'll show you how REVKED can help.