Category: Patterns
All PKI knowledge base pages in the "Patterns" category.
- CA Hierarchy Design: Root, Intermediate & Issuing CA Architecture — How to design certificate authority hierarchies. Two-tier vs three-tier models, offline root CA protection, and subordinate CA delegation patterns.
- Cloud vs On-Premises PKI: AWS, Azure & Hybrid Architecture Guide — Compare cloud PKI (AWS Private CA, Azure Key Vault, Google CA Service) with on-premises deployment. TCO calculations, hybrid architectures with air-gapped root CAs, and when each model makes sense.
- Multi-Tenant PKI: Isolation, Namespacing & Security Boundaries — PKI design for multi-tenant environments. CA isolation patterns, namespace strategies, cross-tenant security risks, and managed service provider architectures.
- PKI High Availability & Disaster Recovery: RTO, RPO & Failover Patterns — Design resilient PKI infrastructure. Active-passive vs active-active patterns, HSM clustering, geographic redundancy, RTO/RPO calculations, and tested recovery procedures for certificate services.