Tag: tls
All PKI knowledge base pages tagged with "tls".
- 47-Day TLS Certificates: SC-081 Timeline and Automation Guide — CA/B Forum SC-081v3 phasedown to 47-day public TLS max by March 2029: timeline, DCV reuse, scope exclusions, and engineering priorities.
- CA Distrust Events: Entrust Case Study and Migration Playbook — Vendor-neutral playbook for CA distrust events, built from the Entrust distrust timeline. Certificate inventory, CA migration, automation prerequisites, and lessons from Symantec and Entrust.
- cert-manager for Kubernetes: ACME Integration and Production Ops — Production guide to cert-manager in Kubernetes: ACME ClusterIssuer, HTTP-01 and DNS-01 solvers, renewal, ARI (RFC 9773), monitoring metrics, and common failure modes at scale.
- Certificate Pinning: When to Use It, When to Kill It — Why pinning helps against rogue CAs, how leaf, SPKI, and CA pins differ, why HPKP failed, where pinning still fits (mobile, IoT, mTLS), and when CT and CAA are enough.
- mTLS (Mutual TLS): Architecture, Configuration, and Troubleshooting — Engineer's guide to mutual TLS authentication. mTLS architecture, certificate requirements, Nginx/Envoy/HAProxy configuration, Kubernetes service mesh integration, client certificate troubleshooting, and common failure modes.
- TLS Protocol — TLS secures the internet. Learn TLS 1.2/1.3 handshakes, cipher suites, certificate validation, mTLS, and server configuration.
- Wildcard Certificates: Security Risks, Scope Creep & Alternatives — Why wildcard TLS/SSL certificates create security vulnerabilities — shared keys, scope creep, fleet-wide revocation — and how SAN or per-service certs with ACME and DNS-01 automation reduce risk.
- X.509 Certificate Verification: Chain Validation & Trust Checks — How X.509 certificate validation works. Chain building, signature verification, expiry checks, revocation status, and debugging validation failures.