The Internet would be unusable without certificates and Certificates of Authority. If CAs got comprised or their private keys got stolen, we would be in big trouble. Warning! We go deep in this video and explain why certificates are critical to your online life and the Internet. This is a technical deep dive and covers a lot of detail. // Ed's TLS course // davidbombal.wiki/edtls49 Use coupon code: "BombalTLS" to get the course for $49 // Videos mentioned // TLS Handshake Deep Dive and decryption with Wireshark: kzbin.info/www/bejne/aGbCl6emf5Jlg6c She hacked me (Cori): kzbin.info/www/bejne/i2fTdaR8nbNraKs // Websites mentioned // badssl: badssl.com/ crt sh: crt.sh/ // MENU // 00:00 - Coming up 00:55 - Intro 01:00 - SSL Certificates 01:55 - How to validate website certificates 05:05 - Why certificates are important 08:10 - What is a CA? // Explanation of the Cerificate Authority 12:35 - Certificate chain 15:00 - Inspecting certificates 22:42 - Inspecting certificates // RSA Public-Keys 26:26 - Inspecting certificates // Extensions 28:07 - Wildcard certificates 29:20 - Inspecting certificates // Extensions (cont'd) 32:07 - Testing certificates // badssl.com 36:02 - Inspecting certificates 43:19 - Learn more about SSL/TLS 44:47 - Closing thoughts // TLS in the fututre // Ed's SOCIAL // Twitter: twitter.com/ed_pracnet KZbin: kzbin.info/door/KmU-GKiukM8LYjkJFb8oBQ // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal KZbin: kzbin.info // Ed's TLS course // davidbombal.wiki/edtls49 Use coupon code: "BombalTLS" to get the course for $49 // More detail on Ed's KZbin channel and website // Asymmetric Encryption explained from a Practical Perspective: www.practicalnetworking.net/practical-tls/rsa-diffie-hellman-dsa-asymmetric-cryptography-explained/ RSA Algorithm: kzbin.info/www/bejne/hqKbmIGYq8uUpa8 DH Algorithm: kzbin.info/www/bejne/gYnUYWlrjtejn7c Practical TLS - Crypto & SSL/TLS foundation: kzbin.info/aero/PLIFyRwBY_4bTwRX__Zn4-letrtpSj1mzY // MY STUFF // www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

The analysis of the certificates and (more in general) the care with which you bring this content trying to bring disclosure on these topics is really admirable. Thank you very much David, we could use more people like you in the world. An Italian software engineer - 🇮🇹

Yes hermano ... Please invite Ed back to go "deep deep deep" into RSA and Diffie-Hellman. Both of you have a great tech presence and chemistry with elucidating the behind the scenes stuff-- in this case with the inner workings of SSL/TLS. Thanks David, your content is always of the highest caliber!

I took Ed's courses following the 1st time you made a collab with him and he doesn't disappoint. He even does live sessions for the newly added TLS1.3 content before he puts it into an actual online course - which is awesome because we get to ask questions. My next course with him is tomorrow actually. Great content but I mainly want to thank you for your great relevant content and putting Ed on my professional path. Like anybody here probably, I get most of my learning from free online resources as one should but Ed's course is one of the very few I consider being way above what you find for free online to easily make it worth what I consider a small price. This is content and expertise I have zero problem paying for as it translates into a big investment in myself as an IT professional.

i learned so much from his handshake video and cory's videos. The Wireshark videos you do with ed and chris are so informative i hope you keep them up . Gotta love cory she's the best i hope you do more with her also. i have to say the people you show on your channel are the best in the buisness

I see David Bombal Getting much fans here in India as well... Namastey 🙏 Love from India ❤️

Hey David! First Comment!! BTW, the stuff you do is really great and I particularly liked the series of videos on Flipper Zero!

It's a real pleasure to see these gurus being cooperated. I just love your courses! you're the best!

Yes please. I have a basic understanding of RSA and Diffie Hellman but going deep would be fun. When I explain DH I use the glasses and colored water explanation. With RSA I always explain it the same way you guys did here but I don't really understand how the math works beyond it is a remainder of a whole number from division.

You're saving billions by making these useful videos. No need for coaching classes

I like the way David feigns ignorance in order to elicit a more detailed explanation 👍

Huge thanks to Sir David and Ed. I feel safe and blessed to have people like you. ❤

Such a good explanation!!! As a network engineer we issue and renew ssl certificates everyday for bank domains and just 1 certificate costs $300

"Quantum Cryptography is closer than ever" "Well yea, that's how time works" ;) 25:38

Ed always take complex topic and make it easier for the audience to understand . David you always rock as you do in the past and i appreciate it

1st viewer from india very nice topic🤘

Waiting for your New year resolutions video David sir. Expecting cool stuff

Excellent interview. Thank you both for your time and effort! Deep dive on Encryption protocols like RSA, DH, etc. would be greatly appreciated.

Wonderful, brilliant video again Thanks David, Thanks Ed !

I"m learning the ins and outs of tls, pki and certificates for my internship. This video comes in perfect time!

Thanks!

Excellent and valuable content. Great explanation with marvellous deep-dive examples. I don't have been interested in stuff around certificates, but this video truly caught me up.

This will be a great visual, to what I just read about the certificate process, in my Sec+ study guide. Have a lab to do- How to steal certificates. So many of your videos to catch up on.

Thanks for your video ❤ I'm sorry to say that I'm unable to contribute to you because I'm under DNS attack right now among other strategies they changed them old-time so my apologies to you, you deserve so much more support I know what you do is time-consuming and it takes a lot of hard work thank you I appreciate you.

This is awesome! I loved this video and look forward to taking Ed's course as well. Thank you!

This guy is clear and concise.

Damn! David Bombal and Ed Harmoush in the same video? What a treat!

I had taken the Practical SSL course and found it well worthwhile to take.

I say this somewhat tongue-in-cheek, but I'd really love to see a video on Microsoft Domain internal cert authorities and why MS hasn't changed how they work in over 10 years. So many holes exist using default settings for a windows pki environment today but it's still nearly required for on-premise/hybrid windows domains.

Always appreciate your work

I LEARN ALOT OF INFO IN THESE VIDEOS!😁😁

finally i will understand Certs!....haven't watch it but i know i will learn some great stuff having bought the CCN course on udemy and am learning some great stuff

Wow!!! What a great great session this was! Thanks for this Dave

Brilliant explanation of digital certificates and deciphering each component of it.

Another great video! Thanks

i need to watch this twice....so much content in one Video

Loving these videos

Could make some episode about "Quantum-Safe Cryptography" and why it is important to start think about it.

Love your videos ❤️

Another deep-dive video about the protocols would be amazing.

Thumbs up and like if you want to go deeper especially Diffie-Hellman key exchange - I do :) thanks for the great video David and Ed

Chain of Trust. Great content, thank you for sharing.

You both are dangerous together.. Thank you for the videos.

When going to Starbucks, there is an certificate issue when logging in to their wifi network. After connecting to it, must ping/connect to hotmail in order to be rerouted to Starbucks accept confirmation page to use their internet. Done on Kali OS. Some sort TSL / CA warning issue.

Hi David, I have a problem with micosoft hyper v, i installed kali and parrot but both resolution is very small. i used command and insert in grup and update reboot but nothing happen. Could you please guide me how to fix the resolution?

Excellent content, David! keep it up. Greetings from Mexico City.

yes please go deep in rsa and deffie helman . very interesting and very nice way of explaining it

I'm sorry if my question is stupid or totally irrelevant, but how does it look like on the darkweb / darknet, is there any kind of certificates used there or what? Or is that partly why you need to use the Tor browser? I know you need to use the Tor browser because other browsers don't show it though. Another thing I just noticed near the end that I wonder, is if it's a typo in the openssl progra, because it says URl or URI before all the URL adresses, or if it stands for something else.

This was so great!! Thank you so much for the SSL/TLS The chain or trust is so critical in todays dodgy world.

Is the certificate an ID card of the Internet? or a particular certificate is an ID card of a particular website? Talking about 5:17 moment.

Thank you very a very helpful video. 💯 I think your channel should be a part of my weekend routine. Btw, should personal info at 30:46 be censored?

Very nice. thank you, David, for the content you offer.

Absolutely brilliant, thank you! I would be interested on more info in virtual networking and working with VMs. If that's in the scope of course. Thanks again!

sir please one video on penetration testing roadmap 2023 how to start how to learn which programming we should learn which tools can be used for pen testing

Hii Iam studying BCA Bachelors's of computer applications I will interested in Hacking so Next what i will do this career iam from India Tamilnadu please reply me....

This is good information. @David Bombal, does that mean every single client device get to be assigned a different ID for SSL?

Wonderful talk. Excellent content. Thank you

I want to go Balls Deep, haha! Really, this is awesome, finally. I've wanted to know more about this for a very long time. 20 years or so... Thanks!!!! And I'll be checking out his site...

Dang thought I had that 1st view on lock. Texas Cyber here!

what if you make a hack that works after the certificate expires and before its renewed. right in the middle

What stops a scammer in making a scamming website and getting the certificates with the SSL? Nothing right? The hard part would be to try and make it to not link to your private info. But if you can fix that then the certificate means nothing anymore for that website.

Excellent presentation gents!

Hello, I have the same error with my certificate, on the Microsoft Edge browser (I can only use it, didn't try with other browsers). My Common Name (CN) is exactly the same as the URL I'm using, but I'm receiving a "NET::ERR_CERT_COMMON_NAME_INVALID" error, and the padlock is not secure. Could this happen because my certificate has only CN populated, but it doesn't have any SAN (Subject Alternative Name)?

Amazing stuffs as usual

excellent video. more deeper dives!

If you are a beginner in computer programming and you want to venture in programming language where do you exactly start

You should also make a video about how to get one of these

such an amazing content!

It is an amazing explanation. Thanks a lot by sharing such a deep knowledge. As we know Root-CA certificate(info of Root-CA + Public of CA etc) is pre-installed in apps/browsers and when client visits any websites then Client will get the ICA'S as well as the ID-Cert of ROOT-CA Therefore both the PUBLIC of ROOT-CA and PRIVATE of ROOT-CA gets compromised by the hacker. How come this issue will be resolved?.... Please do reply as having a serious confusion. Thanks

David Bombal & Practical Networking in one setting🥹🥹🥹 the community is to fine! The insight stay growing, everyone has the ability to network, & love to see like minds able to reach/touch others who want to gain more knowledge. 💯

Great video! So many good info! Thank you!

Great content ,thanks for sharing.

So this is weird. I was following along in my terminal as Ed used openssl to make the cert human-readable, and on my end, the signatures don't match. 🤔😟 Curious what that means. In the terminal, the certificate ends in ff:ac like Ed got, but in the GUI (chrome) it ends in 7e:49. I even checked that I wasn't accidentally looking at the wrong cert in chrome (like Ed accidentally did), I checked/compared all 3 cert entries in chrome; the cert root, digicert CA1, and Twitter.cow). What does that mean? Close this Twitter session lol ?

I think this is useful-I do wish you would show how it appears on other browsers besides Chrome

Good thing I learn to implement before multiple failures

I love that guy for subnetting

question: on my old laptop with windows 7 en chrome i get a lot of popups that the certificate is not valid and that your connection is not secure on some trusted populair websites. But with firefox browser you dont get any of this popups. what is the difference between this 2 browsers? is chrome using more advance security or is it handled different? . thnx in advance,

First viewer 💖💖💖💖😀😀😀😀😀

good Afternoon. Thanks

Hello. Great video and great way of explaining this concept. I have question, am i right if i say that https request for web page is sent after client and server establish session keys?

What if a fake CA made certificates for fake servers? How would a customer then tell the difference?

but very active websites and old once like twitter , google can not be verified on this your csr

Good interview-episode.

Very good eduction and thanks too much

Yes bring him back for more please!!! Go over diffie helman

Deep. Thank you

Can a 13.56 MHz RFID System modual Read and Write to a 125 kHzChip?

Mr David I'm Ali from Ksa please which books that you recommending me to buy in a amazon please

great content!

and the pinning. major issue

What do you thing about SUI NETWORK

Thaankyou so very MUCH

Packet Forensics that is trusted by TrustCor certificates to vouch for the legitimacy of websites has connections to contractors for U.S. intelligence agencies and law enforcement, according to security researchers, documents and interviews.

How do people crash peoples game online?

I love this content I really do but I had to come back to it a few times because his cadence damn near put me to sleep the first couple watch throughs this video

Google (Chromium), Brave (Chromium), and very possibly Firefox (Mozilla) are discontinuing updates for their web browsers for Windows 7 and 8.1. Besides updating their OS, what can Windows 7 and 8.1. users do as far as having the most secure, privacy centered, internet compatible web browser and which one would it be with Brave (for example) off of the table?

💖💖💖

Keep up

Good

Wait. Trust. VeriSign does a background check of a company prior to signing your cert. These new Mickey mouse ca concerns me. Very little is done to validate a company.