Hacker News with Generative AI: Certificate Authorities

Ask HN: Books/guides/resources about running a public, web CA? (ycombinator.com)
Ask HN: Books/guides/resources about running a public, web CA?
Mandatory short duration TLS certificates are probably coming soon (utoronto.ca)
The news of the time interval is that the maximum validity period for TLS certificates will be lowered to 47 days by March 2029, unless the CA/Browser Forum changes its mind (or is forced to) before then.
Decentralized Naming and Certificate Authority (handshake.org)
Handshake is a decentralized, permissionless naming protocol where every peer is validating and in charge of managing the root DNS naming zone with the goal of creating an alternative to existing Certificate Authorities and naming systems.
Let's Encrypt Ending Support for Expiration Notification Emails (letsencrypt.org)
Build a tiny CA for your homelab with a Raspberry Pi (smallstep.com)
TL;DR In this tutorial, we're going to build a tiny, standalone, online Certificate Authority (CA) that will mint TLS certificates and is secured with a YubiKey. It will be an internal ACME server on our local network (ACME is the same protocol used by Let's Encrypt). The YubiKey will securely store the CA private keys and sign certificates, acting as a cheap alternative to a Hardware Security Module (HSM).
Certificate Authorities and the Fragility of Internet Safety (azeemba.com)
Mistakes by CAs undermine HTTPS and safety on the internet
Jeremy Rowley resigns from DigiCert due to mass-revocation incident (mozilla.org)