https://czinda.io/tags/security/Recent content in Security on Chris ZindaHugo -- 0.146.0en-usThu, 19 Feb 2026 00:00:00 +0000https://czinda.io/posts/dogtag-pki-iot-profiles-ansible/Thu, 19 Feb 2026 00:00:00 +0000https://czinda.io/posts/dogtag-pki-iot-profiles-ansible/How to build and automate Dogtag PKI certificate profiles for IoT device enrollment using EST, Ansible, and Red Hat Certificate System — covering constrained device enrollment, post-quantum key sizing, and certificate lifetimes aligned with SC-081v3.https://czinda.io/posts/ocsp-vs-crl-sharding-performance/Tue, 17 Feb 2026 00:00:00 +0000https://czinda.io/posts/ocsp-vs-crl-sharding-performance/A hands-on comparison of OCSP and CRL sharding for certificate revocation checking, with real measurements of wire size, latency, and TLS overhead from a live PKI deployment.https://czinda.io/posts/event-driven-certificate-revocation-lab/Thu, 12 Feb 2026 00:00:00 +0000https://czinda.io/posts/event-driven-certificate-revocation-lab/Automating the full certificate lifecycle — from issuance to revocation — using Event-Driven Ansible, Dogtag PKI, FreeIPA, UBI minimal containers, and post-quantum ML-DSA-87 certificates in an industry moving toward CRL-based revocation and 47-day cert lifetimes.