This should have a ton more likes than it does. Not many on KZbin have ever explained it like this before. Great job!

12:25 Brilliant!!! I didn't know about transparency laws requiring the disclosure of private certs. For me, that's a deal breaker for my (future) homelab.

congratulations for sharing info about certificate transparency program; many people are not aware about it, and some will have a big unpleasant surprise one day (hostnames disclosure, funny "test" dns names etc.)

Waoo. The first video that explains me how let’sencrypt ask DNS for verification. This video is for newest like me. Thanks

Thanks Marc! The way you explain the thing is excellent!

Let's Encrypt is a fantastic project! It definitely makes the internet more accessible and secure for hobbyists webmasters. Very good explanation by the way!

I can only confirm my comment on part 1. Good job, Marc.

Very interesting. Especially using a free wildcard cert locally. Thanks a lot!

That application/database program I am using ever since, its awesome. Thank you.

I love how well you explained everything. Thank you.

Very nice and very clear explanation around letsencrypt. Thank you. Deserves a lot more likes.

Very nicely explained. Thanks a lot for your efforts.

I did not realize you can use the wildcard certs like this in LAN. Good idea...

Thanx Marc! I personally found the best option to automate let's encrypt wildcard cers is to maintain your own dns servers. It allow you to make any number of subdomains with DNSSEC and all the stuff.

Thank you for this Marc. This is a big help for me :)

Great explanation and great video (series)! Thanks!

well served solutions for everyone. Great job!

His explanations are the best

Very Well Explained.

Thank you very much for your great explanation.

Underrated content!

Hello and Thank you for the informativ video lessons. I have a strange issue with openssl signing my own intermediate certificate. The CN= in the subject comes at the end like this OU=, O=, C=, CN= but it needs to be CN=, OU=, O=, C= . My system is using additional parameter that is looking for this pattern before trusting the certificate. Why is openssl suddenly deciding to revers the order? Is there a flag or a parameter in the ca.conf that I can use to fix the order? Thank you.

Excellent explanation. Actually I am using tomcat server on my LAN to deployed my application. In this video we downloaded two certificate and key can I use only key and ca certificate or key with certificate to configure https in tomcat.

GREAT Video, GREAT to say the least

Interesting, great content! I happen to use the same webspace-provide like you, but I have enabled 2FA with an authenticator-app. Do you see any chance then still to do automation?

Extremely helpful video series, thank you!

Very nice and idiot proof explanation. Thank you.

Thank you for the video ! does the wildcard option allow me to use short names without a warning ? I'm using step-ca for my homelab to automatically provides certificates for my servers

Great video Marc, always extremely informative thank you!!! Would you ever consider revisiting the BATMAN protocol in depth? Such as with DSA architecture or APs with no built in switch?

do you have a video explains in details about wildcard certificate ?

great video quality, great content, great tool and of course great explanation. I have downloaded the XCA software on my windows 10. I have a lil challenge: I am working with vs code and have accessed my server via it. I have also created my CA with XCA. the challenge i have now is copying my CA to the server just like you did. Any guide?

can you show how to secure a network with cert? 1. Windows Server, Linux Server, SQL Server 2. Windows client, Mac client, Linux client

I'm really interested in your automation certbot script. How did you read the string for the txt record given by certbot?

So no way to get lets encrypt certificate for internal domain other than creating own CA?

Thank you very much for this video. Is it possible to run this XCA program in Docker Container? What would be the best option, in terms of security?

Thanks!

Great video!

very nice,thank you

I agree with@BrianThomas - never seen anything like this before - well done sir. I wonder if you would be able to cover the X.509 certification in terms of STM32 Mbed RTOS terms of usage. I.e., would the xca tool be able to support the lwIP embedded server httpd deamon on STM32 processors. Also how can the x.509 certification be implemented on production runs of hundreds or thousands of boxes. Would every box require a seperate certificate etc. in case the vendor does not use a different private key for each product sold would the public key holders be able to hack other customers products. This is a very unclear area of discussion regarding this type of certification. Please give us your thoughts on this topic sir. Thanks

can i share my x 509 .pem certificate to my teammate? what happens if .pem certificate is publicly exposed??

Thanks! 👍

Thank you. You explained that very well.

Thanks!