Amarjeet Shukla

EST (RFC 7030) is the modern replacement for SCEP, using HTTPS and TLS client authentication for secure certificate enrollment. Here's how it works, what it improves over SCEP, and where to use it.

Asymmetric encryption uses a key pair — public key encrypts, private key decrypts. Here's how it enables TLS, digital signatures, and key exchange without sharing secrets.

Kubernetes uses TLS certificates for cluster communication, ingress termination, and service-to-service encryption. Here's where certificates live in K8s, how they're managed, and where they expire without warning.

Certificate automation eliminates human involvement from enrollment through renewal. Here's how organizations automate at scale, what architecture patterns work, and where automation creates new failure modes.

Public Key Infrastructure enables trust, encryption, and authentication across the internet. Here's how PKI works end-to-end, how to design a hierarchy, and where enterprise PKI deployments fail.

Cloud HSMs provide FIPS 140-2 Level 3 hardware key protection without managing physical devices. Here's how AWS CloudHSM, Azure Managed HSM, and Google Cloud HSM compare, and where cloud HSM creates operational dependencies.

Certificate enrollment is the process of requesting, validating, and receiving a signed certificate from a CA. Here's how enrollment works across protocols (ACME, EST, SCEP, manual), what differs between them, and where enrollment fails silently.

CI/CD pipelines can automate certificate provisioning for every deployment — requesting, validating, and deploying certificates as part of the release process. Here's how to integrate certificate automation into pipelines and where it fails.

Code signing uses digital signatures to prove software came from a known publisher and hasn't been tampered with. Here's how it works, what it protects against, and where the signing process fails.

Software supply chain security ensures that code, dependencies, build processes, and distribution channels haven't been compromised. Here's how attacks happen, what frameworks exist, and where code signing fits in the defense.