Secure your Cloud Services with TLS X.509 Client Certificates

How to secure Internet servers with X.509 client certificates? How to deploy X.509 client certificates? How does a Certificate Signing Request (CSR) work? In this hands-on video we will run a little Node.js server that requests authentication with an X.509 client certificate, we will sandbox a CSR with XCA, and we will have a look at OpenXPKI, which is great software for automating processes around TLS and certificate generation, key management and the like. Last but not least, I show a blueprint on how to securely link a hosted MQTT into your home automation software.

0:00 The use case
1:27 Get the Demo Server from my Github repo
4:20 How to generate client certificates
5:37 How secure is this?
8:04 How to deploy client certificates
9:16 Certificate Signing requests (CSR)
12:45 OpenXPKI
14:10 A blueprint for a secure MQTT / Home Automation App

Comments

This third episode very much confirms I haven't studied enough in my job, Marc.

pberto

I really do not know how I watched the best of best tutorials for free here.

nvxmpqc

Not only excellent content, but also structured and exemplified to perfection. And on top of that, it was fun to listen to it. Great tutorial.

jankoweise

Beautifully explained, thank you Marc

SparklingVega

That was awesome Marc!! Very well explained

dpg

I like the "Certificate Signing requests (CSR)" part

mihai

Thanks for sharing these 3 videos, very informative and useful tools and tips! Great to have a smaller attack vector on our hosted stuff!

edwardvanhazendonk

Hi Marc,
I am using this playlist as study material for the LPIC-3 exam; it is really difficult to find good material about this subject that is as well explained as in this playlist. Thank you so much!

BrunoAlves-jntj

More of these for sure!
Revocation of the same?
Use this with:
Nextcloud?
pfSense management portal?

raunomakela

To come back to my comment on the 1st video, I've done some research and, apparently, SSH doesn't support X.509 certificates natively. But you can still generate CA keys with OpenSSL and use the same technique to secure an SSH connection.
I'm trying to generate an X.509 key on my Yubikey and use this key as authentication for an SSH server. But I must use SSH CA and keys instead. (Which can still be stored on a Yubikey anyway, but are harder to access.)
But, as always your videos are really great stuff!
Thanks!

tissandre

very thorough and helpful for my current project, thank you!

ganonbit

Also, it's worth noting that a TLS certificate is the successor to SSL, thus more secure.

raughboy

Thanks for another great video, Marc. I am wondering, how do you handle (client) certificate revocation? If certificates cannot be revoked, the application might as well be considered insecure imho. (I know, explaining it adds minutes to the video, but I think it is worth explaining how it is done.)

remyzandwijk

Thanks a lot. Your videos are very helpful and informative. Keep up your good work

electrotsmishar

green screen quality getting better with the light

RifatErdemSahin

Superb! Let's say you lost your phone. How do you revoke that trust from the phone to your VPS from opening your garage door?

BS-myky

Great video again Marc!
Is it just me that has the home network features track your video topics? :)

I have a question on this one. In the video you mention that there is no need to punch through the firewall, and I have seen/heard this in other videos/tutorials on home security offering different solutions. Can you please explain (in the simplest way that only you can :) ) how a certificate is better than using WireGuard, for example? You mention at about min 15 no VPN, no firewall holes. I get how port forwarding is different and how passwords are insecure, but even in this video you talk about a connection on port 8443. So how is that more or less secure than WireGuard into OpenWrt on port 51820? Both use public key cryptography and both use fixed port connections. The only difference I see is that maybe, in the example with the MQTT you give, the home router does not need a fixed IP... but there are ways around that as well for a VPN. In a WireGuard setup I only need to exchange the public keys as well, similar to the sign request. What is it that I don't see?

BoyanYanakiev

This series was amazing! I am following your videos and managed to set up a VLAN and I am kinda excited haha. Thank you :)
A quick question though. I want to be able to access my home but was thinking if there was a way I can reject connections at the packet level, for minimizing issues with applications security issues. Is that possible? If so, how do I do that?

dexterman

Awesome tutorial! Can someone share the links to the first 2 videos of this series?

TahaZabuawala

Great video, thank you! Is this secure enough? Would a DMZ (e.g. for IoT devices) still be necessary to avoid potential access to my LAN (other private devices such as my PC)?

naiko