Shivam Sharma

CMP (RFC 4210/9483) is the most comprehensive certificate management protocol, handling enrollment, renewal, revocation, key update, and cross-certification. Here's how it works, where it's used, and why it's complex but powerful.

Cloud HSMs offer managed key protection without hardware ownership. On-premises HSMs give full physical control. Here's a practical comparison covering security, cost, operations, and decision criteria.

A cryptographic hash function produces a fixed-size fingerprint from any input. Here's how hashing works, why it's irreversible, and where it's used in certificates, signatures, and integrity verification.

Machine identities outnumber human identities 45:1 but are managed with far less rigor. Here's how they differ in lifecycle, scale, and risk — and why treating them the same way fails.

SCEP enables network devices and endpoints to request certificates from a CA using simple HTTP operations. Here's how it works, why it's still everywhere despite being outdated, and where it creates security gaps.

cert-manager automates TLS certificate issuance and renewal in Kubernetes using ACME, Vault, private CAs, and more. Here's how it works, how to configure it, and where it fails silently.

Service meshes like Istio and Linkerd automate mTLS between pods — issuing certificates, rotating them, and encrypting traffic without application code changes. Here's how it works and where it breaks.

Key generation is the most critical moment in a key's lifecycle — weak generation undermines everything built on top. Here's how to generate keys securely across different environments and what mistakes to avoid.

FIPS 140-3 replaced 140-2 for cryptographic module validation. Here's what changed, what the security levels mean, and a practical guide to achieving FIPS compliance for your cryptographic infrastructure.

Infrastructure as Code (IaC) brings PKI under version control — declaring certificates, CAs, and trust configurations as code. Here's how to manage PKI with Terraform, Ansible, and GitOps, and where IaC and certificates conflict.