Systems and techniques are described herein for managing and negotiating SSL certificates as part of a handshake between a client computing device and a website hosting infrastructure. Certificates for a website are stored in a common storage and are lazy-loaded into cache memory when the website is requested by a client. Certificates are served by the hosting infrastructure responsive to a handshake request from a client by determining if a certificate for a hostname in the handshake request is in cache memory. When available, a cached certificate is served. When a cached certificate for the hostname is unavailable, a certificate is retrieved from the common storage, placed in cache memory, and served. OCSP stapling data is lazy-loaded and served also from the cache memory. Hence, a certificate is available immediately upon deployment, without costly reconfiguration of the hosting platform to accommodate new certificates and new hostnames.