Certificates of Authority: Do you really understand how SSL / TLS works?

Подписаться 2,5 млн

Просмотров 193 тыс.

50% 1

The Internet would be unusable without certificates and Certificates of Authority. If CAs got comprised or their private keys got stolen, we would be in big trouble.
Warning! We go deep in this video and explain why certificates are critical to your online life and the Internet. This is a technical deep dive and covers a lot of detail.
// Ed's TLS course //
davidbombal.wiki/edtls49
Use coupon code: "BombalTLS" to get the course for $49
// Videos mentioned //
TLS Handshake Deep Dive and decryption with Wireshark: • TLS Handshake Deep Div...
She hacked me (Cori): • She hacked me!
// Websites mentioned //
badssl: badssl.com/
crt sh: crt.sh/
// MENU //
00:00 - Coming up
00:55 - Intro
01:00 - SSL Certificates
01:55 - How to validate website certificates
05:05 - Why certificates are important
08:10 - What is a CA? // Explanation of the Cerificate Authority
12:35 - Certificate chain
15:00 - Inspecting certificates
22:42 - Inspecting certificates // RSA Public-Keys
26:26 - Inspecting certificates // Extensions
28:07 - Wildcard certificates
29:20 - Inspecting certificates // Extensions (cont'd)
32:07 - Testing certificates // badssl.com
36:02 - Inspecting certificates
43:19 - Learn more about SSL/TLS
44:47 - Closing thoughts // TLS in the fututre
// Ed's SOCIAL //
Twitter: / ed_pracnet
RU-vid: / @practicalnetworking
// David's SOCIAL //
Discord: / discord
Twitter: / davidbombal
Instagram: / davidbombal
LinkedIn: / davidbombal
Facebook: / davidbombal.co
TikTok: / davidbombal
RU-vid: / davidbombal
// Ed's TLS course //
davidbombal.wiki/edtls49
Use coupon code: "BombalTLS" to get the course for $49
// More detail on Ed's RU-vid channel and website //
Asymmetric Encryption explained from a Practical Perspective:
www.practicalnetworking.net/p...
RSA Algorithm:
• RSA Algorithm - How do...
DH Algorithm:
• Diffie-Hellman Key Exc...
Practical TLS - Crypto & SSL/TLS foundation:
• Practical TLS - Free L...
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
tls
tls decryption
twitter
ssl
ca
certificate of authority
cert
certificate
verisign
twitter
crypto
cryptography
ssl decryption
tls wireshark
tls decryption wireshark
tls tunnel
tls handshake
tlsp
tls explained
tls tunnel
vpn
tls protocol
tls handshake explained
tls 1.3
TLS
Transport Layer Security
Handshake
TLS Handshake
Crypto
Cryptography
security
wireshark
wireshark tutorial
wireshark packet analysis
tls decryption
tls decryption wireshark
tls 1.3 decryption
tls decryption wireshark
tls tunnel vpn free internet
tls decryption palo alto
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
#tls #ssl #wireshark

Опубликовано:

28 июн 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 188

@davidbombal Год назад

The Internet would be unusable without certificates and Certificates of Authority. If CAs got comprised or their private keys got stolen, we would be in big trouble. Warning! We go deep in this video and explain why certificates are critical to your online life and the Internet. This is a technical deep dive and covers a lot of detail. // Ed's TLS course // davidbombal.wiki/edtls49 Use coupon code: "BombalTLS" to get the course for $49 // Videos mentioned // TLS Handshake Deep Dive and decryption with Wireshark: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-25_ftpJ-2ME.html She hacked me (Cori): ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-U6pDqFhN82I.html // Websites mentioned // badssl: badssl.com/ crt sh: crt.sh/ // MENU // 00:00 - Coming up 00:55 - Intro 01:00 - SSL Certificates 01:55 - How to validate website certificates 05:05 - Why certificates are important 08:10 - What is a CA? // Explanation of the Cerificate Authority 12:35 - Certificate chain 15:00 - Inspecting certificates 22:42 - Inspecting certificates // RSA Public-Keys 26:26 - Inspecting certificates // Extensions 28:07 - Wildcard certificates 29:20 - Inspecting certificates // Extensions (cont'd) 32:07 - Testing certificates // badssl.com 36:02 - Inspecting certificates 43:19 - Learn more about SSL/TLS 44:47 - Closing thoughts // TLS in the fututre // Ed's SOCIAL // Twitter: twitter.com/ed_pracnet RU-vid: ru-vid.com/show-UCKmU-GKiukM8LYjkJFb8oBQ // David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal RU-vid: ru-vid.com // Ed's TLS course // davidbombal.wiki/edtls49 Use coupon code: "BombalTLS" to get the course for $49 // More detail on Ed's RU-vid channel and website // Asymmetric Encryption explained from a Practical Perspective: www.practicalnetworking.net/practical-tls/rsa-diffie-hellman-dsa-asymmetric-cryptography-explained/ RSA Algorithm: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-Pq8gNbvfaoM.html DH Algorithm: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-KXq065YrpiU.html Practical TLS - Crypto & SSL/TLS foundation: ru-vid.com/group/PLIFyRwBY_4bTwRX__Zn4-letrtpSj1mzY // MY STUFF // www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!

@KhayyamAbdullah Год назад

Thanks for such videos

@davidbombal Год назад

You're welcome!

@fulol1785 Год назад

@@davidbombal brother can you please make a video on how to fix termux on Android is completely broken I can't install or update nothing please

@techwithgimhan1743 Год назад

can you make a vdo about ,to disconnect a bluetooth connection

@owenknight6838 Год назад

Very informative. I learned a lot. Thank you.

@nFire Год назад

The analysis of the certificates and (more in general) the care with which you bring this content trying to bring disclosure on these topics is really admirable. Thank you very much David, we could use more people like you in the world. An Italian software engineer - 🇮🇹

@davidbombal Год назад

Thank you! And welcome Italy!

@techfixer1543 Год назад

Yes hermano ... Please invite Ed back to go "deep deep deep" into RSA and Diffie-Hellman. Both of you have a great tech presence and chemistry with elucidating the behind the scenes stuff-- in this case with the inner workings of SSL/TLS. Thanks David, your content is always of the highest caliber!

@PracticalNetworking Год назад

Would be glad to =)

@olegserov6779 Год назад

It's a real pleasure to see these gurus being cooperated. I just love your courses! you're the best!

@rationalbushcraft Год назад

Yes please. I have a basic understanding of RSA and Diffie Hellman but going deep would be fun. When I explain DH I use the glasses and colored water explanation. With RSA I always explain it the same way you guys did here but I don't really understand how the math works beyond it is a remainder of a whole number from division.

@MohitKhare 10 месяцев назад

Huge thanks to Sir David and Ed. I feel safe and blessed to have people like you. ❤

@Shubham-Mishra Год назад

I see David Bombal Getting much fans here in India as well... Namastey 🙏 Love from India ❤️

@davidbombal Год назад

Thank you Shubham!

@MFoster392 Год назад

i learned so much from his handshake video and cory's videos. The Wireshark videos you do with ed and chris are so informative i hope you keep them up . Gotta love cory she's the best i hope you do more with her also. i have to say the people you show on your channel are the best in the buisness

@davidbombal Год назад

Thank you! Great feedback Michael! Glad you are enjoying the videos :)

@manigandansrinivasan5194 Год назад

Ed always take complex topic and make it easier for the audience to understand . David you always rock as you do in the past and i appreciate it

@robannmateja5000 Год назад

This is awesome! I loved this video and look forward to taking Ed's course as well. Thank you!

@Memespark Год назад

Such a good explanation!!! As a network engineer we issue and renew ssl certificates everyday for bank domains and just 1 certificate costs $300

@noizzy1306 Год назад

Excellent and valuable content. Great explanation with marvellous deep-dive examples. I don't have been interested in stuff around certificates, but this video truly caught me up.

@Cochise85 Год назад

I like the way David feigns ignorance in order to elicit a more detailed explanation 👍

@davidbombal Год назад

Thank you. My job is to bring the level down to make sure we can all understand what the experts are telling us :)

@Boolap1337 Год назад

@@davidbombal I thought of this aswell, David is so good at that, keep it up!

@gddaredevil Год назад

Hey David! First Comment!! BTW, the stuff you do is really great and I particularly liked the series of videos on Flipper Zero!

@davidbombal Год назад

Glad you like them! Lots more coming :)

@vyasG Год назад

Excellent interview. Thank you both for your time and effort! Deep dive on Encryption protocols like RSA, DH, etc. would be greatly appreciated.

@MrNightowl1980 Год назад

Wow!!! What a great great session this was! Thanks for this Dave

@PracticalNetworking Год назад

"Quantum Cryptography is closer than ever" "Well yea, that's how time works" ;) 25:38

@rockdarko440 Год назад

I took Ed's courses following the 1st time you made a collab with him and he doesn't disappoint. He even does live sessions for the newly added TLS1.3 content before he puts it into an actual online course - which is awesome because we get to ask questions. My next course with him is tomorrow actually. Great content but I mainly want to thank you for your great relevant content and putting Ed on my professional path. Like anybody here probably, I get most of my learning from free online resources as one should but Ed's course is one of the very few I consider being way above what you find for free online to easily make it worth what I consider a small price. This is content and expertise I have zero problem paying for as it translates into a big investment in myself as an IT professional.

@scottspa74 Год назад

Couldn't agree more. I found his content when I was studying CCNA content at school, and then was lucky enough to win his SSL/TLS course for free. He is the best instructor I've come across, and his illustrations always help a lot.

@NeurosesGamer Год назад

I agree with both of you guys here, and had the same feeling exactly. His teaching is truly excellent and you can tell he really makes sure you know the topic in and out, had to donate $5 to him, and will definitely donate more when I finally land a decent job 😆

@1nf1n7y Год назад

Very nice. thank you, David, for the content you offer.

@CyberABE Год назад

Wonderful, brilliant video again Thanks David, Thanks Ed !

@davidbombal Год назад

Thank you Fabio!

@vardhangoud8851 Год назад

Waiting for your New year resolutions video David sir. Expecting cool stuff

@davidbombal Год назад

Lots of cool videos coming in 2023 :)

@av4055 Год назад

I"m learning the ins and outs of tls, pki and certificates for my internship. This video comes in perfect time!

@hashimjarral5919 Год назад

Another deep-dive video about the protocols would be amazing.

@gebrielgebriel5916 Год назад

Always appreciate your work

@davidbombal Год назад

Thank you!

@DeepakRamanath 11 месяцев назад

Brilliant explanation of digital certificates and deciphering each component of it.

@letsgetteched Год назад

This will be a great visual, to what I just read about the certificate process, in my Sec+ study guide. Have a lab to do- How to steal certificates. So many of your videos to catch up on.

@cacurazi Год назад

Wonderful talk. Excellent content. Thank you

@Education-x6l Год назад

This is good information. @David Bombal, does that mean every single client device get to be assigned a different ID for SSL?

@alexandruszabo Год назад

Great video! So many good info! Thank you!

@abhiparay6454 9 месяцев назад

You're saving billions by making these useful videos. No need for coaching classes

@jean-philippeferron Год назад

This guy is clear and concise.

@vincenzopappano1662 Год назад

Damn! David Bombal and Ed Harmoush in the same video? What a treat!

@mwafulirwa1 Год назад

finally i will understand Certs!....haven't watch it but i know i will learn some great stuff having bought the CCN course on udemy and am learning some great stuff

@NicolasMaton Год назад

Another great video! Thanks

@davidbombal Год назад

Glad you enjoyed it!

@madison18710 9 месяцев назад

Thanks for your video ❤ I'm sorry to say that I'm unable to contribute to you because I'm under DNS attack right now among other strategies they changed them old-time so my apologies to you, you deserve so much more support I know what you do is time-consuming and it takes a lot of hard work thank you I appreciate you.

@lexkenn Год назад

Absolutely brilliant, thank you! I would be interested on more info in virtual networking and working with VMs. If that's in the scope of course. Thanks again!

@zarkomitreski2921 Год назад

You both are dangerous together.. Thank you for the videos.

@wavemakersdj Год назад

I say this somewhat tongue-in-cheek, but I'd really love to see a video on Microsoft Domain internal cert authorities and why MS hasn't changed how they work in over 10 years. So many holes exist using default settings for a windows pki environment today but it's still nearly required for on-premise/hybrid windows domains.

@MWAKADAVIDMAXWEL 7 месяцев назад

Great content ,thanks for sharing.

@TheDirge69 Год назад

Excellent presentation gents!

@Techito2536 Год назад

1st viewer from india very nice topic🤘

@davidbombal Год назад

Thank you for your support!

@Techito2536 Год назад

@@davidbombal just keep making videos on tech we all as a viewers want to be aware and gain some knowledge from your side 🤗

@drakezen Год назад

I had taken the Practical SSL course and found it well worthwhile to take.

@mwafulirwa1 Год назад

i need to watch this twice....so much content in one Video

@Oswee Год назад

Could make some episode about "Quantum-Safe Cryptography" and why it is important to start think about it.

@mrityunjayadixit1821 Год назад

I and My teammate have recently wrote a research paper on this topic and sent it to UCLA! Hoping for it get published

@mirzadzafic8999 Год назад

Hello. Great video and great way of explaining this concept. I have question, am i right if i say that https request for web page is sent after client and server establish session keys?

@sk3ffingtonai Год назад

Chain of Trust. Great content, thank you for sharing.

@PracticalNetworking Год назад

Still can't believe I forgot the words in the video... but yes, that's it!

@daljeetbhati8353 Год назад

Love your videos ❤️

@davidbombal Год назад

Thank you Daljeet!

@daljeetbhati8353 Год назад

@@davidbombal really happy to see you grow this much sir love from India

@tyrojames9937 Год назад

I LEARN ALOT OF INFO IN THESE VIDEOS!😁😁

@davidbombal Год назад

Glad to hear it!

@Nate-vy2hi Год назад

Deep. Thank you

@alexthornburg7156 Год назад

Loving these videos

@davidbombal Год назад

Very happy to hear that Alex!

@alexthornburg7156 Год назад

@@davidbombal I'm sure you hear this a lot, but your videos have done a TON for me to get more interested in Cyber Security. Keep being awesome!

@davidbombal Год назад

@@alexthornburg7156 that is the best kind of feedback! I love hearing that my videos are helping people like you :)

@haphamdev2 5 месяцев назад

Thank you very a very helpful video. 💯 I think your channel should be a part of my weekend routine. Btw, should personal info at 30:46 be censored?

@arifulislamleeton Год назад

good Afternoon. Thanks

@lenickramone 2 месяца назад

such an amazing content!

@cybersecurityexpert477 Год назад

sir please one video on penetration testing roadmap 2023 how to start how to learn which programming we should learn which tools can be used for pen testing

@abdelrahmanmohsen2735 Год назад

yes please go deep in rsa and deffie helman . very interesting and very nice way of explaining it

@digdouglasdig Год назад

I want to go Balls Deep, haha! Really, this is awesome, finally. I've wanted to know more about this for a very long time. 20 years or so... Thanks!!!! And I'll be checking out his site...

@dejuridico1691 Год назад

Excellent content, David! keep it up. Greetings from Mexico City.

@jugoslav-milosevic Год назад

Good interview-episode.

@user-dg7ds1ev4j 8 месяцев назад

Very good eduction and thanks too much

@sammo7877 Год назад

Thumbs up and like if you want to go deeper especially Diffie-Hellman key exchange - I do :) thanks for the great video David and Ed

@PracticalNetworking Год назад

Glad you enjoyed it !

@annelieselobo9823 Год назад

Thaankyou so very MUCH

@beyrekbaki Год назад

Amazing stuffs as usual

@cdcrjp2nft867 Год назад

Good thing I learn to implement before multiple failures

@THRE3KINGZStudios3kz Год назад

David Bombal & Practical Networking in one setting🥹🥹🥹 the community is to fine! The insight stay growing, everyone has the ability to network, & love to see like minds able to reach/touch others who want to gain more knowledge. 💯

@davidbombal Год назад

Thank you! Ed is amazing!

@THRE3KINGZStudios3kz Год назад

@@davidbombal Absolutely! I find myself falling back on Ed’s content whenever I forget certain details. Really have that in-depth knowledge.

@explorewithkhan6699 Год назад

It is an amazing explanation. Thanks a lot by sharing such a deep knowledge. As we know Root-CA certificate(info of Root-CA + Public of CA etc) is pre-installed in apps/browsers and when client visits any websites then Client will get the ICA'S as well as the ID-Cert of ROOT-CA Therefore both the PUBLIC of ROOT-CA and PRIVATE of ROOT-CA gets compromised by the hacker. How come this issue will be resolved?.... Please do reply as having a serious confusion. Thanks

@SgtStarSlayer Год назад

When going to Starbucks, there is an certificate issue when logging in to their wifi network. After connecting to it, must ping/connect to hotmail in order to be rerouted to Starbucks accept confirmation page to use their internet. Done on Kali OS. Some sort TSL / CA warning issue.

@ryankitching5936 Год назад

This was so great!! Thank you so much for the SSL/TLS The chain or trust is so critical in todays dodgy world.

@TonyAsh-rp6fp Год назад

Hi David, I have a problem with micosoft hyper v, i installed kali and parrot but both resolution is very small. i used command and insert in grup and update reboot but nothing happen. Could you please guide me how to fix the resolution?

@JulietHaas Год назад

Thanks!

@Cueteman Год назад

great content!

@ushernleya3626 Год назад

If you are a beginner in computer programming and you want to venture in programming language where do you exactly start

@samkirubakaran7474 Год назад

Hii Iam studying BCA Bachelors's of computer applications I will interested in Hacking so Next what i will do this career iam from India Tamilnadu please reply me....

@davidbombal Год назад

All the best with your studies Sam!

@mrityunjayadixit1821 Год назад

Hey Sam! Contact with me on LinkedIn maybe I can help u out or maybe point u to the right direction!

@samkirubakaran7474 Год назад

@@davidbombal David sir please guide me Please teach me

@samkirubakaran7474 Год назад

@@mrityunjayadixit1821 thanks for your kindly support please tell you Name in LinkedIn please

@00zo18 Год назад

question: on my old laptop with windows 7 en chrome i get a lot of popups that the certificate is not valid and that your connection is not secure on some trusted populair websites. But with firefox browser you dont get any of this popups. what is the difference between this 2 browsers? is chrome using more advance security or is it handled different? . thnx in advance,

@CallousCoder Год назад

That about the RootCA isn’t entirely true. Banks, governments, big corporations have intermediate CAs for also that reason.

@sbeckas 6 месяцев назад

I think this is useful-I do wish you would show how it appears on other browsers besides Chrome

@sykoteddy Год назад

I'm sorry if my question is stupid or totally irrelevant, but how does it look like on the darkweb / darknet, is there any kind of certificates used there or what? Or is that partly why you need to use the Tor browser? I know you need to use the Tor browser because other browsers don't show it though. Another thing I just noticed near the end that I wonder, is if it's a typo in the openssl progra, because it says URl or URI before all the URL adresses, or if it stands for something else.

@neelbhikadiya Год назад

Can a 13.56 MHz RFID System modual Read and Write to a 125 kHzChip?

@young-aliwezzy8415 Год назад

Mr David I'm Ali from Ksa please which books that you recommending me to buy in a amazon please

@swoodc Год назад

what if you make a hack that works after the certificate expires and before its renewed. right in the middle

@desert915 Год назад

Dang thought I had that 1st view on lock. Texas Cyber here!

@davidbombal Год назад

Welcome!

@blackhat5133 Год назад

💖💖💖

@deLuka93 Год назад

Hello, I have the same error with my certificate, on the Microsoft Edge browser (I can only use it, didn't try with other browsers). My Common Name (CN) is exactly the same as the URL I'm using, but I'm receiving a "NET::ERR_CERT_COMMON_NAME_INVALID" error, and the padlock is not secure. Could this happen because my certificate has only CN populated, but it doesn't have any SAN (Subject Alternative Name)?

@robertsutkowski3170 8 месяцев назад

thx👍

@ogurumeodafe4847 6 месяцев назад

Awesome

@CryptoExpert90 Год назад

What do you thing about SUI NETWORK

@scottspa74 Год назад

So this is weird. I was following along in my terminal as Ed used openssl to make the cert human-readable, and on my end, the signatures don't match. 🤔😟 Curious what that means. In the terminal, the certificate ends in ff:ac like Ed got, but in the GUI (chrome) it ends in 7e:49. I even checked that I wasn't accidentally looking at the wrong cert in chrome (like Ed accidentally did), I checked/compared all 3 cert entries in chrome; the cert root, digicert CA1, and Twitter.cow). What does that mean? Close this Twitter session lol ?

@SirPeterlll Год назад

What stops a scammer in making a scamming website and getting the certificates with the SSL? Nothing right? The hard part would be to try and make it to not link to your private info. But if you can fix that then the certificate means nothing anymore for that website.

@thewatcher364 Год назад

but very active websites and old once like twitter , google can not be verified on this your csr

@Ricjamz Год назад

I love that guy for subnetting

@davidbombal Год назад

Ed does a great job explaining subnetting!

@mrityunjayadixit1821 Год назад

Can u tell me a video where he explained subnetting! I'm really struggling with this topic to understand!

@OgbewiOmorogbe 9 месяцев назад

Good

@joeyp978 Год назад

Yes bring him back for more please!!! Go over diffie helman

@hardcoregaming7467 Год назад

How do people crash peoples game online?

@rayenmerghmi5664 Год назад

Keep up

@davidbombal Год назад

Hoping to publish lots of videos!

@rayenmerghmi5664 Год назад

@@davidbombal i wich you talk more about the hardware OP

@ramnikTDM Год назад

♥️♥️♥️

@BuyondoAlfred 10 месяцев назад

Am having a tutorial about cyber security and I want to understand and learn it more

@thomaschristensen1804 Год назад

What if a fake CA made certificates for fake servers? How would a customer then tell the difference?

@harrylumsdon6773 Год назад

and the pinning. major issue

@Merrlin Год назад

I love this content I really do but I had to come back to it a few times because his cadence damn near put me to sleep the first couple watch throughs this video

@georgetsiklauri 7 месяцев назад

Is the certificate an ID card of the Internet? or a particular certificate is an ID card of a particular website? Talking about 5:17 moment.

@johnconnor2478 Год назад

Packet Forensics that is trusted by TrustCor certificates to vouch for the legitimacy of websites has connections to contractors for U.S. intelligence agencies and law enforcement, according to security researchers, documents and interviews.