Revocation of digital certificates: CRL, OCSP, OCSP stapling

Рет қаралды 73,877

6 жыл бұрын

Digital certificate are normally expired after one year, but some situations might cause a certificate to be revoked before expiration. How does a client check the revocation status? Here I introduce three methods: CRL, OCSP, & OCSP stapling. What are they? How do they work? You would find answers in this video.
Playlist: Advanced Cryptography -
• What is digital signat...
Playlist: Basic Cryptography
• Private Key Encryption...
Please subscribe to my channel!
Please leave comments or questions!
Many thanks,
Sunny Classroom

Пікірлер: 81

@michaeljimenez239 Жыл бұрын

Just want to say, i used some of your videos to pass my network plus and currently doing th same with security plus. I always find your explanations easier to understand than most other instructors. Thank you!

@johnhart6320 5 жыл бұрын

As ALWAYS...your videos help me BIGTIME! Whenever I am in need of a CLEAR explanation on a technology that some other 'Off the Charts GEEK in the Weeds' tries to teach, I check and see if Sunny has a class to clear it up for me! Thanks Again Man!!

@sunnyclassroom24 5 жыл бұрын

Thank you, John, for saying nice things about my videos. You are welcome. I wish I would complete my whole series in this area (about 200 videos) soon.

@MohenjinAdventure 4 жыл бұрын

I could not understand about CRL/OCSP/OSCP Stapling, but now I finally did. Thank you! You have been a great help!

@chengluo5956 3 жыл бұрын

Simple and clear, that's all I need. Thank you Sunny!

@nattiyar614 3 жыл бұрын

This is by far the best explanation ever! Thank you so much!!

@lesleycouch9542 10 ай бұрын

I knew I could count on you to explain this concept clearly and concisely. I get it now! Thank you Sunny!

@jaydawg91 2 жыл бұрын

As always your videos are clear and provide accurate information. Thank you, Sunny.

@miriyalajeevankumar5449 3 жыл бұрын

The best content on this topic is your channel !!

@nkanakaraj Жыл бұрын

Awesome! This is the exact info I was looking for to troubleshoot an issue related to OSCP. Sunny! you very well explained CRL, OSCP, and OSCP-Stapling operations in a quick video. Thank you very much!

@scottbiggs8894 4 жыл бұрын

Step 4, that all this happens "during the SSL/TLS handshake" was the puzzle piece I was missing. Thank you. And the music at end made me laugh. :)

@sunnyclassroom24 4 жыл бұрын

Thank you for watching!

@mimi7132 3 жыл бұрын

Exactly

@TheSukramb 4 жыл бұрын

Truly awesome. Helps a lot because of your visualizations in addition to your explanation.

@sunnyclassroom24 4 жыл бұрын

Thank you for your time!

@TheAhamedabdul 3 жыл бұрын

Thanks a lot Sunny! this is very clear and useful.

@asoteico9528 4 жыл бұрын

Greatly done Sunny...!!! 🥇🎖🏅

@techlearner4806 2 ай бұрын

Simple and easy language/demo used in video. All thanks to you.

@johnnkoh2601 4 жыл бұрын

you are really good at explaining things. Thank you very much

@marcosalameh8677 2 жыл бұрын

As usual soooooooo amazing!!!!!!!!!!!!!!!!!!!!!

@nicholasbarning8250 5 жыл бұрын

Excellent videos, very concise and easy to understand. Thank you

@sunnyclassroom24 5 жыл бұрын

you are welcome!

@poncho8887 Ай бұрын

Thank you for your clear explanations for our understanding.

@AmeenAltajer 3 жыл бұрын

Clear explanation, thanks man!

@jilanishaik8791 3 жыл бұрын

It's very nice explanation. Thanks Sunny

@ayatarek6612 2 жыл бұрын

Thank you so much this was very clear and helpful.

@okbazoueghi6714 3 жыл бұрын

Great explanation!

@aziz421973 5 жыл бұрын

Very useful information, thank you so much.

@sunnyclassroom24 5 жыл бұрын

You are welcome, Aziz.

@tim6925 Жыл бұрын

thank you, thats a very clear explanation.

@AyushmanAdhikary 2 жыл бұрын

Great video. Thanks for the explanation.

@34521ful 5 жыл бұрын

Hi Sunny, great video once again! I think one thing I'd add for future viewers is that another thing browsers like Firefox and Chrome do are just push a software update if a certificate must be revoked as soon as possible

@sunnyclassroom24 5 жыл бұрын

thanks a lot for your information. I appreciate it very much.

@Drawmeafatcat 2 жыл бұрын

crazy how complicated other people make this when you just explained it in 6 mins.

@101appsCoZa 4 жыл бұрын

another great video tutorial. thank you so much

@sunnyclassroom24 4 жыл бұрын

Thank you!

@sonurocks341 4 жыл бұрын

Great Videos. Very crisp explanation.

@sunnyclassroom24 4 жыл бұрын

Glad you liked it!

@HughJass-jv2lt 2 жыл бұрын

Bravo!! ❤❤

@grahammattingley9784 5 жыл бұрын

Very helpful information - keep up the good videos and the good work

@sunnyclassroom24 5 жыл бұрын

thanks a lot!

@jeremygunter9877 21 күн бұрын

Well done, thank you!

@dr.r.aravindhanm.eph.d1046 Жыл бұрын

Very Good Explanation

@livestronger1981 3 жыл бұрын

Great explanation

@jasonhoi85 3 жыл бұрын

thanks this is much clean then reading the text explaination

@sunnyclassroom24 3 жыл бұрын

Thank you for watching!

@andreaszetea-ster900 4 жыл бұрын

great work. Thank you

@sunnyclassroom24 4 жыл бұрын

Thanks

@ahmeddarwish3859 2 жыл бұрын

very good teacher.Thanks

@OmarJIBAR 2 жыл бұрын

Beautiful 👌

@mimi7132 3 жыл бұрын

great explanation, thanks

@ravichanderkt326 Жыл бұрын

You're Gifted By God.

@devendramhatre5007 3 жыл бұрын

Nicely Explained.... thank you sir

@sunnyclassroom24 3 жыл бұрын

You are most welcome!

@zowajoy7616 3 жыл бұрын

You are awesome 🙏

@sunnyclassroom24 3 жыл бұрын

Thanks!

@dieglhix 3 жыл бұрын

All clear, thanks Mr. Subscribing now.

@sunnyclassroom24 3 жыл бұрын

Thanks for the sub!

@jibnathgautamhy1280 4 жыл бұрын

Thank you verymuch

@rajeshgeorge6093 3 жыл бұрын

thanks very much

@sunnyclassroom24 3 жыл бұрын

You are so welcome!

@kavi3841 3 жыл бұрын

Thank you sir

@sunnyclassroom24 3 жыл бұрын

All the best

@fa307 Жыл бұрын

great video, would be great if you could update this and make a video about certificate transparency (CT Logs)! :)

@corolla1209 4 жыл бұрын

Hi Sunny, will you talk about SCVP in the future videos?

@iyam1513 Жыл бұрын

Thanks for your video, "OCSP stapling" is quite smart solution, but for how long does web server cache OCSP Response from CA? And for how long does the client (browser) consider that the response is still valid (I mean as for standards)? I think this is the point of "lag" between revocation and outdated signed OCSP Response from web server. So it is important to note.

@arber10 5 жыл бұрын

Sunny, one more question: Which book(s) would you recommend for a deep dive in this topic? (I mean cryptography not just revocation.)

@sunnyclassroom24 5 жыл бұрын

It depends how deep do you want to go? If you are just for CompTIA security + , you can use Comptia security+ guide to network security fundamentals 6th edition or 5th edition (cheaper).

@arber10 5 жыл бұрын

Thank you. I will check this.

@ameenasif 2 жыл бұрын

So if an organization has issued certificates in thousands , and device1 comes with request , does webserver has stapled request for all thousand devices at that time , if its cached only on calls ? so when a signed response is received all it needs to do is verify certificate validity end date etc, no need to go to check revoked status as its trusted with cryptography i.e the signed response . is this right

@deekusnotes3318 11 ай бұрын

Does it mean OCSP URLs no need to be added to firewall between client and server?

@greenboy7484 6 жыл бұрын

hi sunny...can you explain how policy maping works in CA and sub-CA in another video?

@sunnyclassroom24 6 жыл бұрын

I put it on my to do list. Many thanks!

@mofogie 4 жыл бұрын

well what if a domain spoofer simply forges a certificate?

@sriksrik8184 3 жыл бұрын

Hi Sunny, if the client from a ABC company domain accessing a website, how can it check the website certificates status from the ABC domains CA CRL list,,, does that mean that ABC domain CA will have constant updates, if so how,,,

@ishajain7020 5 жыл бұрын

When certificates are stolen from CA, why those certificates need to be revoked. I mean we are already certificates, but harm stolen certificates will make.

@sunnyclassroom24 5 жыл бұрын

Browsers make sure that all certificates are valid. It is like someone stole your credit card, and you want to report to your credit card company to revoke it. Otherwise, the thief will use your credit card. The same thing.

@RajivKumar-ee7xv 3 жыл бұрын

@@sunnyclassroom24Here I have a question, Private key of stolen certificate is always with the owner for whom CA issued certificate. So other details are always public. What was stolen from CA for that particular certificate?