Category: Operations
All PKI knowledge base pages in the "Operations" category.
- 47-Day TLS Certificates: SC-081 Timeline and Automation Guide — CA/B Forum SC-081v3 phasedown to 47-day public TLS max by March 2029: timeline, DCV reuse, scope exclusions, and engineering priorities.
- CA Distrust Events: Entrust Case Study and Migration Playbook — Vendor-neutral playbook for CA distrust events, built from the Entrust distrust timeline. Certificate inventory, CA migration, automation prerequisites, and lessons from Symantec and Entrust.
- Certificate Automation Readiness: ACME, ARI, and the 47-Day Mandate — Assess automation readiness for short TLS lifetimes: ACME maturity, ARI (RFC 9773), client support, four-level maturity model, and a practical readiness checklist.
- Certificate Discovery: Find Every Certificate in Your Infrastructure — Discover certificates across AWS, Azure, Kubernetes, and on-prem infrastructure. Network scanning, API-based discovery, CT log monitoring, and building a complete certificate inventory.
- Certificate Lifecycle Management: Issuance, Renewal & Revocation Guide — End-to-end certificate lifecycle operations. Discovery, issuance workflows, automated renewal, revocation procedures, and audit compliance requirements.
- Certificate Monitoring & Alerting: Prevent Expiry Outages Before They Happen — Monitor certificate health beyond just expiry dates. Prometheus metrics, chain validation alerts, deployment lag tracking, and alert routing that prevented $1M+ outages at LinkedIn and Microsoft.
- Certificate Renewal Automation: Scripts, APIs & Monitoring Setup — Automate certificate renewals at scale. ACME client configuration, API-driven workflows, expiry monitoring, and alerting for failed renewals.
- Certificate Revocation Deep Dive: CRL, OCSP, OCSP Stapling, and Short-Lived Certs — Engineer's reference for certificate revocation: CRL, OCSP, OCSP stapling, browser behavior, Let's Encrypt OCSP deprecation, and short-lived certificates as passive revocation.
- Certificate Rotation Strategies: Zero-Downtime Renewal & Automation — Plan certificate rotation that doesn't cause outages. Fixed schedule vs validity-based timing, blue-green deployment patterns, ACME automation, and rollback procedures for failed rotations.