CertHop

CertHop is a secure-access control plane that replaces shared VPN credentials with short-lived, device-bound client certificates for WireGuard and OpenVPN. It automates certificate issuance, rotation, and revocation based on device posture and identity, so offboarding is instant and “lost laptop” risk drops sharply. The product ships as a web app (admin console + API) with lightweight desktop agents for macOS/Windows/Linux to enroll devices and store keys in OS keychains/TPM where possible. It integrates with common IdPs (Okta, Azure AD, Google Workspace) and pushes config updates to endpoints without admins hand-editing profiles. This is not a consumer VPN; it’s for small-to-mid orgs that already run VPN but hate managing users, keys, and audits. The MVP focuses on making certificate lifecycle and access logs dead simple, not building yet another VPN server.