PKI and Certificate Management - Essentials for Production Security

Explore the critical importance of PKI and certificate management in this 36-minute conference talk by Shweta Vohra from IBM. Gain essential insights into the fundamentals of certificate infrastructure, including cryptography, digital certificates, and certificate hierarchies. Learn about the challenges of implementing certificates in dynamic, heterogeneous environments with microservices and service mesh. Discover five crucial aspects of certificate management that every software application creator, owner, and maintainer should know. Get practical advice on handling certificates wisely using open-source tools like Spiffe/Spire. Through demonstrations and real-world examples, understand key concepts such as certificate encoding, chain design, TLS version compatibility, revocation methods, and automation strategies. Equip yourself with the knowledge to effectively implement and manage PKI in your production environments, ensuring robust security measures for network communications within and outside your infrastructure.

Intro
Public Key Infrastructure (PKI)
Cryptography - Public & Private Key
Digital Certificates
Sample Certificate
Certificate Encoding and Files
Certificate Hierarchy (Chain)
Case Study - Steps and Tools to Setup
Design (or Know) your certificates chain and hierarchy
Where to terminate your certificates?
TLS version mis-matches & design decision
Certificate Revocation Methods & Design
Certificate Automation and Monitoring