Tag: certificate-transparency
All PKI knowledge base pages tagged with "certificate-transparency".
- Certificate Pinning: When to Use It, When to Kill It — Why pinning helps against rogue CAs, how leaf, SPKI, and CA pins differ, why HPKP failed, where pinning still fits (mobile, IoT, mTLS), and when CT and CAA are enough.
- Wildcard Certificates: Security Risks, Scope Creep & Alternatives — Why wildcard TLS/SSL certificates create security vulnerabilities — shared keys, scope creep, fleet-wide revocation — and how SAN or per-service certs with ACME and DNS-01 automation reduce risk.