The best and the easiest explanation of SSL in RUclips on SSL. Thanks for sharing this
No, there are better videos than this.
@@sidharthvijayakumar3521 please provide the link of video
no fancy words... no jargon... just to the point... amazing explanation
So true brother
I recently was working at my internship and I had to shift from http to https through injecting ssl certificates; I did not know how it works. Thank you for this video.
I am not a CS or IT person. A mechanical engineer but found the subject very interesting. How cool and clear is the presentation. Wonderful
Same here. After completing mechanical engineering, now I am a software developer. 😊
I just wanted to say a big thank you! I was so confused about SSL certification and how the public and private keys work, despite going through tons of videos and articles. But after watching your video, everything finally clicked! You made such a complex topic super easy to understand. I really appreciate your effort in creating such clear and helpful content.
Bro, my mind opened up after watching that video. Thanks a lot. Keep it up. Very in-depth analysis. Thank you.
Wow, what a nicely explained video. What a clarity of concepts. Keep it up. You won a subscriber today!
Hey Piyush, Your teaching style is really amazing. Can you please create a computer networking course for web developers explaining important concepts like OSI model, http, tcp/ip and many more.
Finally I have a clear understanding on how SSL works, thank you very much for making it this easier. Best concept that learnt today.
Excellent explanation! The confidence you had through the whole video is commendable!
It is a great explanation, but an incomplete one.
When an SSL/TLS certificate is created, a chain of certificates is typically established.
When a client (such as a web browser) connects to a server secured with SSL/TLS, it checks the chain of certificates to ensure that the end-entity certificate (your domain's SSL certificate) can be trusted. This verification involves:
1. Checking if the SSL certificate is signed by an intermediate certificate.
2. Checking if the intermediate certificate is signed by a trusted root certificate that is included in the client's trust store (typically maintained by the operating system or browser).
true bro, I also have same doubt.
Great explanation bro I was having problems understanding how SSL works. Thank you bro
Even experienced professionals might not be having this clarity about SSL. Kudos to you.
One query though, as MMA can happen between client and server, can the same MMA happen between Client and Let's encrypt?
PKI, aka public key infrastructure management is pretty much a closed process as there are only a few certification authorities.
This is the best video I see on SSL. It cleared my doubts on public-private keys and SSL certs. Thanks.
Thank you. The Easiest SSL explanation ever.
best hindi/urdu tech content creator, who makes valuable intermediate content.
OMG, what an explanation 🙌🙌👌👌, every single word of the video is precious. Blessed to be your subscriber.
This was the best way to teach SSL. I'll never forget this topic ever
Honest review: The video is really awesome and knowledgeable ❤❤
Need more videos like this, it's difficult to find such good and useful content.
Thanks for sharing 🙏🏻
Explained in a simple and easy way, bro.... great video.... need more videos of this type in future... Thanks
So detailed and simple explanation. Great work.
Nice video but perhaps one correction at 15:11 min. SIGNATURE = SERVER PUB KEY + LETS ENC PRIVATE KEY. Since LETS ENC keys are asymmetric, only data(server public key) encrypted with LETS ENC private key can be decrypted using LETS ENC public key. So Client(browser) will use LETS ENC public key to decrypt Server certificate signature(which should be server public key) and verify that server is indeed whom he claims to be.
So simple and easy to understand , very few people have this talent to present things so easily . Thank you so much
Amazing way of explaining… after working for so long… today I am clear whats happening 😅
Thank you for making it very easy to understand, I watched 5-6 videos but the proper understanding came here only.
Great explanation, brother! However, I wanted to clarify a key point about how the digital signature works in SSL certificates.
If the signature were made using the Public Key of the Certificate Authority (CA), anyone could replicate it because the public key is freely available. A hacker could create a fake certificate and sign it with their own public key, making it appear valid.
Instead, the digital signature is created using the Private Key of the CA, which is securely kept and never shared. This private key signs a hash of the certificate's contents (like the server’s public key and other information). Since only the CA has access to the private key, no one else can generate this signature.
When a browser receives the certificate, it uses the CA's Public Key (stored in the browser’s trusted certificate store) to verify the signature. If the signature is valid, the certificate is trusted.
In short, the CA's private key is used to create the signature, and the CA's public key is used to verify it. Thanks again for your explanation, and feel free to check out the video I have uploaded with respect to this topic on my channel for further details!
I was randomly scrolling RUclips, and it suggested this to me. I watched it in full; the explanation was so amazing and the way of explanation was also so cool. Thanks a lot
What an excellent and simplistic way of explaining a concept! Best wishes to you Piyush
Your way of explanation is superb ..
It is very informative; this video cleared all my doubts regarding encryption using a symmetric key as well as an asymmetric key.
Very useful sir❤️
The Best explanation I ever watch on RUclips. Thank you, and Keep working bro ❤
You opened up my mind about SSL certificates, brother
great video brother thank you
Thank you very, very much. It was very helpful. Keep sharing such knowledgeable things.
Brother, the video is absolutely fantastic.. for beginners
Thank you so much I was searching for a detailed video on SSL and saw your video recommendation. Amazing video!!!
Each and every concept is clearly explained..
Outstanding Piyush Ji, effective and meaningful information with diagram.
Best best best... best explanation of ssl in Hindi on RUclips. Thanks a lot, Piyush.
The best explanation I have come across
Thank you for explaining SSL certificate and how it works.
Really loved the way you have simply explained this topic ❤
Thank you bro I'm working in Deloitte as cyber security and this video very helpful
Best explanation with simplest representation
Commenting after so long, thanks for explanation
Mind Blowing, extraordinary and fantastic ! Sir
Very Deeply Understanding, in Very easy explanation..❤
It was just an amazing explanation I have gotten so far.
just amazing... understood this concept almost after two years!
Perfect, crystal-clear explanation, brother, thanks a lot; want more such properly explained tech content
Well explained Piyush. Now I understand how it all works
Awesome Tutorial, I've learned major concepts of SSL certificate and encryption from this video. ❤
ruclips.net/video/bVbGW037fYk/видео.htmlsi=aTd0fzvfGJv5UDJ8
Very clear explanation. watched so many other videos but didn't get clear idea. This video gives clear understanding and explain whole stuff. Thanks for sharing.
Truly worth the time Piyush thank you, Requesting a follow up video to create power-shell script to do it in IIS 10.
Thank you for sharing the SSL information. It's really interesting, and your explanation is too good and easy to understand..
Thank you for making it easy to understand with good examples
One of the best explanation of ssl ... Thanks bro. Please make video on csrf as well
Excellent, explained in most easy way ❤
One of the most understandable videos....keep it up bro
A very good explanation Piyush!! Will love to explore more of your videos.
The way you explained it. Very well. Thanks
Great explanation - great pace everything is perfect .
First time watching your videos, Great Explanation 🔥
Excellent Video...and the presentation was superb!
Great Video! Need more explainer videos like this one 🤩
FANTASTIC EXPLANATION PIYUSH
That's an awesome explanation about SSL certificate. Thanks for sharing this.
Great Explanation, very clear and to the point.
this was a banger video, thank you so much piyush
Have been trying to understand this since long, today I finally learnt it. Thanks.
Great explanation Piyush. Hats off to your efforts 👌
At 15:02, Afaik signature is created via server 'private' key and hash.
Overall great video.
Then how the client will match the public key of server.
@@akaabhinavraj we don't match public key, we compare hash
The process involves the following steps in digital signature:
Hashing: The sender computes a hash value (a fixed-size digital fingerprint) of the original data using a cryptographic hash function.
Signing: The sender then encrypts the hash value with their private key, creating a digital signature. The digital signature is appended to the original data.
Verification: The recipient receives the original data and the digital signature. They compute the hash value of the received data and decrypt the digital signature using the sender's public key. If the decrypted hash value matches the computed hash value, it confirms the data's integrity (it has not been tampered with) and authenticates the sender (only the holder of the private key could have created that signature).
@@adityapandey4415 brother, don't get confused with JWT tokens; he explained it correctly, and you are confusing others too.
@@gs-e2d it's cryptography concept remains same.
You can't do encryption and decryption with same keys in asymmetric cryptography.
It's simple maths.
Excellent explanation being a Pakistani I am so proud of Indian tech community which has produced such nice tutors
Awesome explanation.. No nonsense.. Thanks Bro.
Very clear and one of the best explanation i have seen 🎉🎉
Nice brother, really appreciate your way of expressing your thoughts in a very fantastic and easy way 👍
Thanks Piyush for wonderfully explaining SSL certificate .
Please make one video on how to install SSL certificate on server end like root and server certificate and how to setup SSL wallets. Thanks again for great knowledge ☺️
Peak Quality content 🔥
Top notch explanation 👌🏻
Thank you 🙏🏼
to the point explanation, so informative and truly understandable content.
you mastered to simplify the things Awesome Piyush!
Great explanation. Looks easy to understand with the workflow.
I love the way you explain the concept... thanks for video
A few major points missed:
1. Diffie Hellman key exchange - You can't simply share your symmetric key via asymmetric encryption. (Explained below)
2. What is the need for symmetric encryption at all? Why can't we send all the data via asymmetric encryption? - A. Asym encr/decr is a more expensive process, doing it one time is fine but again and again is going to slow things down. B. If server's private key is leaked at any point, all the past transactions are compromised. This will be the same if you share the symm key first via asymm encr. So an ephemeral symmetric key is generated via Diffie Hellman key exchange, which is only valid for that request. This is called Forward Security.
There is a mistake in the statement as well (5:35 - 6:10).
In asymmetric encryption, the public key is only used for encryption, and the private key is only used for decryption. However, we can also perform the reverse. We can encrypt text using the private key and decrypt cipher text using the public key in asymmetric encryption.
I know he wants to give us an idea about what happens in a TLS handshake, but I'm just correcting it to not assume that in asymmetric encryption, the public key is also used in both encryption and decryption. Additionally, vice versa can be done.
@@RaviPatel-my2mo Yes, and from what he said one should ask, how do we verify that we are talking to the actual let's encrypt? So the concept of certificate chaining is also missing here.
@@AllMightGaming-AMG you both are missing the point here. Common sense... it's a 20-minute video, not a lecture class. He perfectly explained it, and we understood the basic concept.
@@AllMightGaming-AMG first of all, great video; I was able to get the concept, but can't a hacker just take the certificate and send a wrong certificate or something like that...
@@Chief_Avy Yes they absolutely can, but here's where the concept of certificate chains comes in. When you sign the certificate for your domain with any globally trusted CA, they verify it in some way, like DNS. A hacker won't be able to sign it with a "trusted" CA this way for a domain they don't own; the CA is trusted for this reason, that they don't let people sign certs for domains they don't own. But they definitely can sign it with their own CA, and send the certificate. But your device won't trust that by default, and will show the security error you see on browsers where you have to opt to advance, accepting the risks. If the hacker can add their CA to your device's trusted CAs, then bingo! Your device is going to trust the certificate and the hacker can read or manipulate the data. There are things like adGuard which blocks ads over https if you add its certificate as trusted. You can also try mitmProxy, which gives you its CA cert, and if you add it to your device's trusted certs, it'll be able to intercept the traffic but to your device it will look normal
Your coolness attracts to learn more from you 😊
The presentation and explanation by breaking it up is amazing.
Piece of advice: Don't repeat the sentences and same thing again and again.
Great Explanation but It raises curiosity in terms
What if hacker has compromised the client to server connection and client to Certificate Authority connection ? Wouldn't then he be able pretend as proxy as earlier (in the case of no CA) ?
Try searching for the above question's answer and you will get to know something about root certificates & chain of trust, which is the underlying secure foundation of all of this.
If user's device is compromised then even root certificate can be corrupted and then no TLS/SSL would be secure.
Thank you so much! Your video and explanation are very relatable and easy to understand. Your presentation reminds me of the CookingShooking Hindi channel :)
Wonderful Piyush, this is your first video which I am seeing, became fan dear, will start following for more content, am also curious to enroll, if you have any courses.
Awesome and easy to understand explanation!
Thanks for the useful information. Waiting for more such videos ❤
You have explained it really well. Thanks a lot!
Super in-depth video on SSL certificates, please create videos on these types of topics. Thank you in advance
What timing, I needed this video today only
So well explained , keep the good work brother
Such a fabulous teaching sir ❤
Great. No word for praise.
Thanks, Piyush, very nice explanation.
Thank you so much for this video and a great explanation Sir.
Nice explanation. complex topic explained in very simple language. Thanks!!!
Nice video... Please make such more knowledgeable videos.. it motivates us to watch.. have nice journey ahead 😊
Hi thank you so much for explaining this in such a simple way.