Digital Certificates: Chain of Trust
HTML-код
- Опубликовано: 30 апр 2017
- This video explains how an Certificate (such as an SSL type) is validated by a client. Concepts discussed are digital signatures, Root CA and Intermediate CA.
This is the 3rd video in a series on encryption and certificates: Other videos are:
Introduction to encryption
Introduction to Digital Certificates
At 14:27, you will see that the CNNIC cert is indeed listed in the keychain of the macOS (an oversight by me). However, built into browsers is a "black list" where the browser itself can invalidate a root certificate. So when Google found the breach, it added code to the next update of its browser that will effectively revoke CNNIC's root cert even though one appears in the operating system's certificate storage area. When users launched Chrome, it will search for an update.. when one exists it installs the new code and .. there.. that certificate is revoked and so Chrome will no longer validate CNNIC's certs. I believe that browsers have both white and black lists of root certs built into their code so they can add root certs, if they don't think one exists in the OS, or invalidate root certs. But all OSes have a central storage area for CA root certs so browsers don't need to store a complete list.
Can we see the blacklist that a browser, has for root certs? Or do you think that is intentionally hidden from end users?
@@DataVids I am not that familiar with the internal workings of all browsers. Chrome contains a CRLset that is a list of banned sites. It can’t be viewed directly but can be dumped with public code. (dev.chromium.org/Home/chromium-security/crlsets).
@@davecrabbe4579 thank you!
Ha, I was about to comment that!. BTW in my key chain it is not. So at some point Apple also removed it.
This has to be the clearest, melodrama-free explanation of digital certificates on RUclips. Thank you for taking the time to explain this.
Thanks Dave! These two episodes on TLS certificates was the best I have seen. Thank you, Thank You.
I finished my IT studies 2 years ago and never got clear in certificates understanding. Now I wanted to acquire this competence once for all. Watched many videos, still didn't get the thing. Then I found yours. This is masterpiece explanations, everything is now crystal clear into my mind. Most of the videos skip steps so it's not understandable. Thank you so much for this high quality lesson.
Thank you Dave, excellent explanation!! Clear and direct. Agreed that this is the best chain certificate explanation I´ve ever seen to date.
Straight forward and comprehensive explanation. This is the only resource on the topic that made sense to me and filled in all the gaps.
Awesome tutorial. I am struggling to understan the chan of trust since ages and today this tutorial has cleared all my doubts. It made my day. Million of thanks to Dave. Long live and god bless you.
clear explanation without using any fluff or word salad, straight to the point! thank you!!!!
Finally! found some quality material... and it was free. thanks
Finally an explanation that connects all the dots! Great explanation.
This is really awesome explanation. Probably the best that i have ever seen till now.
Wow, you made understand those SSL certs once and for all, and it's much appreciated. Also, you have a great hand writing. Keep up the great content sharing in your channel, I'm definitely subscribing.
I had so many doubts / confusion about digital signature and how it works, now i understood completely, thanks for the nice explanation
Sir, the video is simply perfect. I work in IT, I dont play a lot with certs or CA but this was to the point where i had enough to do my job. Thanks :)
This is the best explanation across all articles and videos.
This is the best video on SSL I have come across!
This is by far the best explanation on Certificates.
Indeed!
thanks for taking the time to post these videos. i'm a network engineer and your teaching and explanations are excellent! appreciate it!
Glad you enjoyed it.. thanks
This is the perfect video i found in youtube which explains the concept of cerficate chain.. take a bow Dave
I also had trouble spelling Hierarchical! (Thank goodness for auto correct😁)
Fantastic explanation btw - I've been scouring the web for a decent explanation and after your video I feel my knowledge gap has been quenched. Liked the video so that after I've had a sleep and forgotten it I can simply refer back to the masterclass. Thanks again
I'd like to echo what others have already said and thank you so much for such a clear explanation of this process. I have been able to explain PKI principles to colleagues from the knowledge learnt in this video. I've been an IT professional for the past 9 years and PKI principles have never really stuck but this one made the penny drop. Excellent work.
This is great and simple, finally someone covers how the certificate is verified to actually be from the specific CA.
It's was an deep and easy to follow dive into the e-certificates world. Many thanks!
Excellent instructional "Chain of Trust" SSL process. Thank you for your valuable time. :)
the best explanation on youtube I've found so far
thank you so much for your work!
This was a nice and comprehensive step-by-step overview! I've browsed through a bunch of information regarding certificates, validation etc, and this video turned out to be a gold nugget in a topic where other information sources choose to gloss over the details and specifics (perhaps due to a lack of understanding?).
Some go into too much detail and you never grasp the overall concepts.
Amazing explanation. What I couldn't understand for over 2 months was water clear in less than 30 minutes. Thanks.
A fantastic and clear explanation of the Chain of trust..Kudos!
Thank you! This is the best explanatory video for ssl certificates
One piece of information missing in this video that will be helpful: Data encrypted with the public key can only be decrypted with the private key, and data encrypted with the private key can only be decrypted with the public key. So notice that the hash of the SSL certificate is encrypted with the private key and can only be decrypted with the public key.
Excellent explanation! Searched everywhere to lean more about how the chain of trust worked in detail - finally found it here! Thank you!
Thanks.. older video, but its all built on the same basic concept, so far.
A great presentation about chain of trust and certificates! Really great. Thanks for that
awesome explanation ! cleared my doubt... this clearly explains why do we have chain of trust in the first place...
Searched the Google, searched RUclips didn't find a good explanation of certificate for beginners, THIS VIDEO IS GEM IT HAS ALL THAT A BEGINNER NEED TO UNDERSTAND. THANK YOU FOR THE VIDEO!!!
By far the best video on this subject. Thank you.
Finally a satisfying explanation of certificates, thanks
Thanks Dave for clear cut explanation. Have a good time.
This is the best explanation so far on the internet
One of the best videos to understand chain of trust
This is awesome! You explained it soooo well.
This is by far the best explanation, if you have basic understanding, I learned first 3 chapters from book called PKI uncovered from cisco press and then watched this video, which resolved all the grey areas, thanks man
super! Thanks for the comment.
One of the best and crystal clear explanation I have ever seen !!
I've been watching SSL related videos for the past hour and this explanation at 11:52 was what I needed to fill the gap!
This is not how it works nowadays. If you want information about that part, look for diffie hellmann key exchange.
Yeah the latest version of SSL was deprecated in 2015
The problem is if the private key ever gets compromised at some point in the entire future of humanity, all past communication becomes compromised. Not good. Private key should only be used for identification and after a breach simply be replaced without further damage.
perfect video ,really good explanation to how the chain of trust occurs
great explanation, Thanks Dave for putting this together. really helpful.
Absolutely brilliant explanation, thanks!
Great Video, really informative! Exactly the information I knew I didn't know.. Thanks!
Thank you Dave for the excellent presentation and i like the case study you put at the end.
Seriously love the way, the information provided, clear concept
Many thanks for this clear, concise and well presented explanation,
Best regards.
This is the most amazing video I have ever passed by , because you are the only one I saw that explains the SSL and Chain of Trust in details with a great example.
Thank you very much dear and I am very happy that I have passed by while I was searching on tutorials to understand how this process works.
Best Wishes and Blesses.
Thanks..
this is the best and most simplified explainnation of topic... loveed thatt...thanks much for your efforts
GREAT Explanation, thanks Dave!
Thanks for delving into the details of this process. Other videos don't seem to discuss the details in much depth.
I had to change the speed to 1.25 and the video became so much better! Thank you for the nice explanation.
grin.. I'm older and I go slow these days..
Best explanation about chain of trust I've ever faced.
The best explanation ever I've faced about "Chain of Trust".
By the way, you have the root certificate of CNNIC on your browser. :)
yeah.. I picked that up after it was posted.. I'm still learning too :)
Thank you ! you made it very simple and to the point.
excellent presentation. one of the best. thanks.
Thank you for this very thorough explanation
Done thanks took notes in onenote
Best video on the topic!
Very well explained. This answered a question I was having :)
Just wanted to commend you on the quality of your videos in explaining a complicated subject - I was able to clarify multiple concepts after muddling through several documents.
Glad you enjoyed.. With all the complete details, it is a very complex topic. My attempt was to break it down into only the necessary components so that people understand how the basic principle works.
Thanks for putting and the time and effort in generating the video, it was very informative and helpful watch =)
Thanks for the excellent explanation!
best explanation!! well done
Great and simple.......good job sir
Fantastic explanation !!!
Just one word "Excellent" !!
Awesome explanation Sir......
thank you so much....
Excellent! Thank you!
AWESOME explanation!
Perfect, thank you very much Dave
Great explanation, thanks!
Great video, this helped me a lot!
Very well explained. Thank You !
Very well explained, Thank you
Great Explanation.. Thank you. God bless you.
Thank you very much! Very insightful.
very nice explanation! Thanks
Awesome video. Thank you very much
Thanks for the video. It is really helpful
Thank you, very good explained!
extremely helpful, thanks
Best video of SSL
Your are saving my time thanks
Thanks this was easy to follow and understand.
Excellent explanation..thankyou
great video, very clear.
good one. nice explanation
At 14:25, you can see CNNIC ROOT listed in browser certificate list.
Comprehensive explanation
very well explained!!
thanks for sharing this video!!
Simple and to the point without age old theoretical rhetoric.
This is gold!
Really good explanation
Amazing video
sir you are a gem
Thank you very much for this video
Great tutorial