Truvald™

About Truvald™ & BrkrOps™ Inc.

Tools built by people who've been in certificate hell.

BrkrOps™ Inc. builds enterprise PKI tools out of Edmonton, Alberta — the kind of tools we wished existed when we were the ones staring at a failed CRL at 11pm on a Friday.

Truvald™ was founded on a straightforward observation: Windows Server PKI — ADCS, certificate templates, CRL distribution, CA health — is genuinely complex infrastructure that organizations depend on for everything from user authentication to code signing to encrypted communications. And yet the tooling to manage and assess it has been an afterthought for decades.

The CA snap-in. Certutil. Manual CRL health checks via scheduled tasks emailing CSV files that nobody reads. Disaster recovery documentation that was accurate in 2019 and hasn't been touched since. And if you want to know whether your certificate templates are exploitable? Good luck — go read the Certified Pre-Owned research paper and manually check each one.

Truvald™ started as internal tooling built to manage a multi-CA enterprise environment. Over time it grew into something comprehensive enough to share — and professional enough to sell. It's built by PKI practitioners, for PKI practitioners, with enough thought given to non-specialists that your helpdesk can use the cert inspector without a three-hour training session.

The name Truvald™ means "strong in truth" — which is appropriate, because it is going to tell you the truth about your PKI whether you're ready to hear it or not. Two Critical findings on your first assessment is not a failure. It means you now know what you didn't know before, and you have a document to prove it.

We're a small operation. That's a feature, not a bug. It means you deal directly with the people who built the software, who actually know how PKI works, and who have a personal stake in making sure it's good. There is no Tier 1 support. There is no knowledge base article that doesn't apply to your situation. There's just us, your problem, and a genuine interest in solving it.

Philosophy

Why Truvald™ exists

"It's working" and "it's secure and correctly configured" are very different things. One is checked by whether Outlook opens. The other requires actual assessment.

Truvald™ makes the second one achievable for the PKI admin at any organization — not just the ones who have three months to do a manual evaluation.

Why PKI Security Assessment Matters
The Problem

"It's working" isn't enough.

Most organizations set up ADCS once, it works, and then nobody touches it for years. The problem is that working and secure are very different things. PKI is foundational to authentication, VPN, smart cards, code signing — the list goes on.

The Risk

ESC paths are real attacks.

The SpecterOps "Certified Pre-Owned" research documented 16 ADCS privilege escalation paths — misconfigurations that allow low-privileged users to escalate to Domain Admin via certificate abuse. These have been used in real breaches. Truvald™ checks all of them automatically.

The Solution

Systematic. Documented. Repeatable.

A Truvald™ assessment gives you a documented, reproducible baseline of your PKI security posture. Run it quarterly, run it before a pen test, run it after infrastructure changes. Heck, run it every day if you're that kind of person — we're not here to judge. Know your PKI's truth on demand.

Supply-chain choices
Code-signing certificate

Why we sign with Certum, not a US CA.

Truvald's installer is signed by an Organization-Validation certificate issued to Patrick Mercier by Certum — a Polish CA operated by Asseco Data Systems out of Gdańsk, under EU law and the eIDAS regulation. That's a deliberate decision. Choosing a non-US certificate authority sidesteps the US CLOUD Act surface area that public-sector and regulated buyers care about, and Certum roots have shipped in every Windows install for over two decades — so the choice costs nothing in compatibility while it matters to the customers we serve. Microsoft SmartScreen reputation accrues to the certificate identity, not to the issuer's jurisdiction.

Ready for the truth about your PKI?

Truvald™ v1 is here. Download the Evaluation — full features, no expiry, no credit card.
