Certificates from Scratch - X.509 Certificates explained

  Рет қаралды 125,928

OneMarcFifty

OneMarcFifty

Күн бұрын

Пікірлер: 125
@jairunet
@jairunet Жыл бұрын
Excellent, there are not many well-explained X.509 certificate videos online, this is super valuable, and thank you for putting this series together, looking forward to the next one.
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Thank you very much!
@rklauco
@rklauco Жыл бұрын
While I understand the certificates now, I should have had this video on my playlist ~5 years ago. This is excellent. I'll use your channel to recommend to my team - your IPv6 videos rock, so does your OpenWRT tutorials. Keep it up! Thanks for the effort.
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Hi Robert, thank you very much!
@13F_Airborne
@13F_Airborne Жыл бұрын
Great content and presentation. Not only that, you just seem like a genuinely nice person. Subscribed.
@tissandre
@tissandre Жыл бұрын
What a coincidence! I was, this morning, looking at possibilities of using Certificates for authentication on SSH connection. And you start a new serie on Certificates right at that time!!! I'm SOOO looking forward to see the rest of the serie! Thanks!
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Hi Alexandre - great minds think alike ;-)
@depnik5583
@depnik5583 10 ай бұрын
Thank you sooo much Marc. This is easily one of the best explanations about certificates I’ve come across.
@CyberJuke5
@CyberJuke5 5 ай бұрын
This is the best video so far about certificates. Thank you so much for the marvelous explanation. Nice job!
@matrix9164
@matrix9164 Жыл бұрын
Nice! Marс, you have a talent to explain complex things in simple terms
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Thank you very much Konstantin!
@pberto
@pberto Жыл бұрын
Thank you so much Marc. I think your explanation is the simplest and clearest one I've ever dealt with. I don't see the time when you will public next episodes.
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Hi Gabriele, it will be today - Monday at 5 PM Berlin time. the third episode will be next week, same time.
@leonardoquatrocchi7629
@leonardoquatrocchi7629 Жыл бұрын
You did a great job explaining this while showing the video the whole process so everybody can follow all the use cases and security concerns. Thank you so much!
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Glad it was helpful! Thank you so much!
@taimoorkhan7783
@taimoorkhan7783 5 ай бұрын
As a CS undergraduate, I found this video very interesting and easy to understand, appreciate your work man, you got a sub 👍
@arghyl
@arghyl Жыл бұрын
This is fantastic! Thank you for making the topic so easy to understand. Certificates are certainly something I struggle with a lot!
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Hi Rodrigo - it was exactly the same for me until I bought a book on the topic ;-) All I do is share my learnings from it really ;-)
@cho_ke19
@cho_ke19 Жыл бұрын
I learned a lot from the info you provided. CA and CA. Best of the best. Thank you sir☺☺
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Awesome, glad it could help ;-) Thank you !
@plousho1947
@plousho1947 9 ай бұрын
Amazing video, I am studying for my exam and this video helped me understand the process alot better!
@daysiewaysie
@daysiewaysie Жыл бұрын
you are born to teach ! a great video and up to your usual, fantastically high standards... looking forward to the continuation of this series... many thanks Marc.
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Hi Damien, thank you very much! the next episodes will come out next Monday(s) at 5 PM Berlin time ;-)
@dakshshukla123
@dakshshukla123 14 күн бұрын
Thank you for this , very helpful for my upcoming Cryptography exam!
@aal2002
@aal2002 Жыл бұрын
Marc my friend, this is an outstanding video! Wow, I wish I had seen this about 2 years ago. Now I totally understand certificates. Thank you so very much! You are an excellent teacher!
@Barchy22
@Barchy22 7 ай бұрын
Best video describing certificates that I have ever seen.
@BS-my2ky
@BS-my2ky Жыл бұрын
Simply amazing! Looking forward to see an espisode on key management and distribution.
@konradmolinski2772
@konradmolinski2772 Жыл бұрын
i've been looking for good explanation of that topic for a while. This is incredible good one. Thank you!
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Glad you enjoyed it! Many thanks for the feedback!
@memoli801
@memoli801 7 ай бұрын
Besser als ich dachte Man merkt, da hat man sicht richtig viel Mühe gegeben!
@NigelSharp
@NigelSharp Жыл бұрын
Really awesome explanation. I've watched many of these tutorials and this is the best.
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Hi, thank you so much. I am glad that you liked it !
@rohanofelvenpower5566
@rohanofelvenpower5566 Жыл бұрын
YEEEEEEEEEEEEEEEESSSSSSSSSSS I just stumbled on this recently so now Im interested to learn it and behold, one of the greatest teaching channels on youtube drops a video on it perfect!
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Awesome - many thanks ;-)
@thibaultguillen8423
@thibaultguillen8423 Жыл бұрын
Great job again Marc ! I can't wait for the next episode on the keys management, I'm struggling with that for month.
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Hi Thibault, what's your use case ? Do you want to manage keys for multiple people ? Have a look at OpenXPKI for example.
@thibaultguillen8423
@thibaultguillen8423 Жыл бұрын
@@OneMarcFifty Hey Mark ! Thanks for your reply. I'm self learning certificates on a Mikrotik router and I try to figure out what key usage for which purpose. Can you give examples ?
@itsawonderfullife4802
@itsawonderfullife4802 Жыл бұрын
Practical approach and clear as always. Thank you.
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Thank you very much ;-)
@juanrebella2589
@juanrebella2589 Жыл бұрын
Amazing class as usual Marc, Thanks!! Juan.
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Hi Juan, many thanks!
@aayushsardaa
@aayushsardaa Жыл бұрын
Really great video. Loved the way he explained the entire process.
@oscarllamas
@oscarllamas 6 ай бұрын
Excellent master class on certificates! Greetings from Guatemala
@jannemec1787
@jannemec1787 3 ай бұрын
Great video Marc! Everything well explained and understandable and sometimes even funny :-) Thank you :-) Greetings from Prague, CZ ;-)
@MISANTHROPEBLOOD
@MISANTHROPEBLOOD Жыл бұрын
Amazing video thanks for share all your knowledge, in this simple way, you makes look all so easy and simple...
@OneMarcFifty
@OneMarcFifty Жыл бұрын
My pleasure 😊 Glad you liked it!
@marcorojas3179
@marcorojas3179 10 ай бұрын
Excellent explanation! Thank you so much for the effort.
@lakshmanankanthi7158
@lakshmanankanthi7158 Жыл бұрын
Thank you so much, it's very clear now :) You are a wonderful teacher
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Hi Lakshamanan, thank you so much!
@Alexander-ns9yv
@Alexander-ns9yv 7 ай бұрын
Thanks. Now I understand TLS altogether.
@jeroenrevalk
@jeroenrevalk 2 ай бұрын
Thanks for the Cert series. Very helpfull!
@joeydebra763
@joeydebra763 Жыл бұрын
Great vid! I hope in the future you might want to explain how to use/setup SCEP and OCSP. I've been struggling to use openssl for signing certs for my WPA2 enterprise at home. It worked okay last year but this year my iOS phone does not want to trust the certificate while it does have the CA cert pushed and trusted via MDM.
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Hi Joey, I might have a look into those - thanks for the hint ;-)
@jeffreyplum5259
@jeffreyplum5259 Жыл бұрын
I have a use case for self signed certificates. Old style FTP sends everything in clear text. If I configure my server with a certificate, it becomes a FTPS server like using a certificate turns HTTP into HTTPS. At times one only wants to avoid sending everything in an easily read form, on an internal network Self signed certs can be more a tool for privacy rather than the tight trust and security a bank or commercial business requires.
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Hi Jeffrey, great use case - thanks for sharing ;-)
@daniellukesmith
@daniellukesmith 7 ай бұрын
His explanations are the best!
@papajohnscookie
@papajohnscookie 4 ай бұрын
Absolutely brilliant video, thank you
@raunomakela9226
@raunomakela9226 Жыл бұрын
When is the next episode up? Tomorrow? Excellent content as usual!
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Thank you ;-) Next Monday !
@nateswany
@nateswany 6 ай бұрын
Great video! I think maybe the audio cut out at 17:51 and comes back at 18:04? Or maybe it was my BT audio driver. I can't seem to confirm this afternoon. Loved the content either way!
@danilocorrea5964
@danilocorrea5964 Жыл бұрын
Hi Marc! Excellent video as usual, thanks for the tidy knowledge! Could you explain how to apply this solution to remote access OpenWrt?
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Hi Danilo, you mean remote accessing the Web interface (LuCI) from the internet, correct? You would need a reverse proxy running on the router and requesting client Certificates for that.
@rafaelchaves6920
@rafaelchaves6920 11 ай бұрын
Finally i understand this, ehat incredible class!!
@LucaBarbetti-qh2jh
@LucaBarbetti-qh2jh Жыл бұрын
Really well done, thank you so much and kudos for your channel
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Hi Luca, many thanks for the feedback!
@trungdang1817
@trungdang1817 Жыл бұрын
Well explained, I am getting more and more understanding of certificates. One point I do not understand is about X509 is the naming standard or what kind it is.
@killer2600
@killer2600 8 ай бұрын
Certificate is a general word and so can have many meanings and take many forms. For example, a high school diploma is a certificate. "X.509" is the specific standard (set by the International Telecommunication Union/ITU) for certificates of this type and format. So while a "Certificate" can take any shape and form, a "X.509" certificate will only take a specific shape and form that makes it compatible anywhere X.509 certificates are used/accepted. X.509 is the standard used for SSL/TLS so any valid SSL certificate will be a X.509 compliant certificate.
@kefteves
@kefteves Жыл бұрын
Awesome video, incredibly helpful, thankyou!
@IanMatthews666
@IanMatthews666 7 ай бұрын
Excellent stuff Marc. Thanks!!!
@IBITZEE
@IBITZEE Жыл бұрын
thx Mark... as always... high value information... 🙂;-)
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Thank you very much ;-)
@Sabrinakay2008
@Sabrinakay2008 Жыл бұрын
You saved me 200 USD. Thanks so much!
@007hansen
@007hansen 8 ай бұрын
Dude well done. Put link to playlist or next video too please.
@elave16
@elave16 5 ай бұрын
great content! got a new suscriber! just commenting to contribute to the algortithm engagment thingy hehe
@geoman6079
@geoman6079 Жыл бұрын
Hello, Great video, you cover some topics that aren't covered very well in KZbin. 2 questions I have: 1. What exactly is an X509 certificate? You never mention that explicitly. What are the other types of certificates? 2. In your "How Does LetsEncrypt Work" section, it's a little confusing how a CA verifies the host. How does a DNS lookup verify that the person who requests a certificate owns the domain? Can't I just go to the LetsEncrypt website and request a certificate for Google? How does a DNS lookup prove that the requester controls that IP?
@OneMarcFifty
@OneMarcFifty Жыл бұрын
(1) X.509 is ruled by RFC 5280. Alternate Certificates are e.g. PGP. In a nutshell an X.509 Cert is a public key plus some text around it (Issuer, purpose, Validity etc.) that is SIGNED with the private key of the CA. (2) There is no verification of the person, only the host. Let's say you request a cert for abcde.google.com from your host with IP x.x.x.x - Letsencrypt would then do a DNS Lookup for abcde.google.com - but as they won't get your IP in return (because you can't make an A entry in Google's DNS), they know that you are NOT in control of google.com.
@geoman6079
@geoman6079 Жыл бұрын
@@OneMarcFifty So does that mean that the server that contains the website files (the host) must be the one to make the request for the certificate? In practice, I'd assume that someone would need to physically open a browser in the host, navigate to LetsEncrypt website and fill out their form? From what you've described I can't use my development computer to request a certificate for a server storing the website right?
@OneMarcFifty
@OneMarcFifty Жыл бұрын
That’s correct. The request needs to be made from the server that the DNS name points to. You could however copy that certificate to a server in your LAN wit the same name there.
@phill13able
@phill13able Жыл бұрын
That bass is amazing
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Thanks Conrad ;-)
@zz-nj4hl
@zz-nj4hl 5 ай бұрын
This was great - thanks!
@AnthonySennett
@AnthonySennett 5 ай бұрын
Brilliant thank you.
@timvanrooijen3324
@timvanrooijen3324 Жыл бұрын
Thanks this was really helpfull!
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Hi Tim, glad it helped, many thanks!
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Hi Tim, glad it helped, many thanks!
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Hi Tim, glad it helped, many thanks!
@svddwd
@svddwd 8 ай бұрын
Great content ! Thank you!
@yashraikwar5412
@yashraikwar5412 11 күн бұрын
I understood it clearly
@qamaranwar-ye8tp
@qamaranwar-ye8tp Жыл бұрын
GREAT to say the least, watched so many videos but the concents u cleared, WoW. howcome this is all free ? any place I can donate ?
@StaRipper
@StaRipper Жыл бұрын
Please do video on Tailscale on OpenWRT
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Hi, I usually do not make videos about 3rd party services. I will however make a video on WireGuard troubleshooting soon.
@Fdux
@Fdux 11 ай бұрын
Well done Marc… Danke schun…
@briancoverstone4042
@briancoverstone4042 Жыл бұрын
I've always thought of a certificate as being a public key (with private key optionally included, if you have it) that has additional "properties", including proof of who issued the certificate, and what the certificate can be used for. The whole topic of what a certificate can be used for is confusing. I know about web services and code signing, but there seems to be a lot of other uses that I'm not so familiar with.
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Hi Brian, you are right - a certificate is basically a public key with some text around. In order to use it, you need a private key. Just - another key pair comes into play - the CA that signed it. And if you trust that CA then you can trust the certificate.
@briancoverstone4042
@briancoverstone4042 Жыл бұрын
@@OneMarcFifty can you do a video on the certificate use property?
@barreiros5077
@barreiros5077 Жыл бұрын
​@@OneMarcFifty So if you make a forgetry of this CERTIFICATE you should be im legal prosecution...but my wife ist Advisor, Barrister not my business 🤔
@OneMarcFifty
@OneMarcFifty Жыл бұрын
I am sorry - I don’t really understand you. What is forgetry? What does Barrister mean?
@briancoverstone4042
@briancoverstone4042 Жыл бұрын
@@OneMarcFifty i think he meant "forgery". Which isn't really possible. I didn't follow the rest either.
@ArifMuradl
@ArifMuradl 10 ай бұрын
Awesome!!! thank you
@melvincross5386
@melvincross5386 Жыл бұрын
well explained, thanks
@aleksandrkubar6255
@aleksandrkubar6255 Жыл бұрын
Thanks Marc!
@achyuthvishwamithra
@achyuthvishwamithra Жыл бұрын
8:49, Public key of R3 isn't stored on the onemarcfifty certificate to verify the signature on it. It's stored on it's own certificate which is a part of the certificate chain. The private key of R3 is used to generate the signature present on the onemarcfifty certificate during the CSR. This signature can be verified using the public key present on R3 certificate during verification. Isn't this correct?
@ahmadmuhammad7423
@ahmadmuhammad7423 Жыл бұрын
that is amazing !
@skyfoxnz
@skyfoxnz Жыл бұрын
Hi, thanks for the video. I was following your instruction using XCA tool but it doesn't show the treeview for some reason. There is a plain view/tree view button but it doesn't show the tree view either. Not sure what I am doing wrong.
@duskern
@duskern Жыл бұрын
In the first part of the video where you download a certificate in chrome, you mention that you are downloading it in pkcs7 format. Is this format just the default in Chrome, or did you do something in Chrome to select the format?
@duskern
@duskern Жыл бұрын
Great video also. You just found yourself a new subscriber :-)
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Hi, I just found it was easier to add to chrome in PKCS7 - you could use PEM full chain as well. Works easier with Firefox
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Awesome, many thanks !!!
@duskern
@duskern Жыл бұрын
@@OneMarcFifty Thx for the reply. Is there any specific reason for this? I'm really confused about the different certificate and key formats, so I'm trying to learn what the differences are and what they are used for.
@OneMarcFifty
@OneMarcFifty Жыл бұрын
@@duskern It's historic mainly - different applications over time have used different formats. See this article here for a comparison comodosslstore.com/resources/a-ssl-certificate-file-extension-explanation-pem-pkcs7-der-and-pkcs12/
@yosharma5210
@yosharma5210 Жыл бұрын
Csr has private and public key??? Does CA sign the certificate with servers private key? Or servers private and public key???
@timryan3849
@timryan3849 4 ай бұрын
Except, you didn't choose PKCS#7, you chose PEM File.
@JosePto
@JosePto 10 ай бұрын
I still don't get what a signature is 😅
@LipiAktar-h4q
@LipiAktar-h4q 2 ай бұрын
Thompson Elizabeth Miller Patricia Davis George
@onetruth9869
@onetruth9869 Жыл бұрын
Big brother coming if we give all authority, to government with a blind trust. Trust is paramount. how many still have absolute trust in all that is government given their performance over the last 3 years, and still is ongoing to this day,
@OneMarcFifty
@OneMarcFifty Жыл бұрын
Hi, many thanks for your feedback. Please do however keep in mind that neither TLS certificates nor Certification Authorities have anything to do with the government - those are independent companies really.
@Fdux
@Fdux 11 ай бұрын
@@OneMarcFifty all technology is created by DARPA n given to AWS GCP and Microsoft….GillBates moron couldn’t invent anything but the harvard dropout is a good story…
@temax
@temax Ай бұрын
I didnt understand a thing xD
@Helen-g5Helen_2rzt
@Helen-g5Helen_2rzt 4 ай бұрын
Hold onto your hats, it's cash refund time
@thirumalarao8526
@thirumalarao8526 Жыл бұрын
Too many adds
@xyz3188
@xyz3188 Жыл бұрын
hi , can i contact you pls ?
@rahulsingh-iq4gd
@rahulsingh-iq4gd 8 ай бұрын
No
@xyz3188
@xyz3188 8 ай бұрын
@@rahulsingh-iq4gd No !!! 🤔
@rahulsingh-iq4gd
@rahulsingh-iq4gd 8 ай бұрын
@@xyz3188 bhai sooja 😂
IPv6 with OpenWrt
25:29
OneMarcFifty
Рет қаралды 36 М.
When Cucumbers Meet PVC Pipe The Results Are Wild! 🤭
00:44
Crafty Buddy
Рет қаралды 55 МЛН
Муж внезапно вернулся домой @Oscar_elteacher
00:43
История одного вокалиста
Рет қаралды 4,9 МЛН
Disrespect or Respect 💔❤️
00:27
Thiago Productions
Рет қаралды 41 МЛН
Secure your Cloud Services with TLS X.509 Client Certificates
15:57
HTTPS, SSL, TLS & Certificate Authority Explained
43:29
Laith Academy
Рет қаралды 136 М.
Digital Certificates: Chain of Trust
16:41
Dave Crabbe
Рет қаралды 295 М.
PKI Made Simple -  Everything Your PKI Consultant Doesn't Want You to Know
19:23
What are Digital Signatures? - Computerphile
10:17
Computerphile
Рет қаралды 344 М.
PKI Bootcamp - What is a PKI?
10:48
Paul Turner
Рет қаралды 199 М.
Intro to Digital Certificates
21:47
Dave Crabbe
Рет қаралды 433 М.
TLS Handshake Explained - Computerphile
16:59
Computerphile
Рет қаралды 566 М.
How to create a valid self signed SSL Certificate?
25:01
Christian Lempa
Рет қаралды 370 М.
When Cucumbers Meet PVC Pipe The Results Are Wild! 🤭
00:44
Crafty Buddy
Рет қаралды 55 МЛН