SSL Certificate Revocation | The Backend Engineering Show

Certificates contain useful metadata, including the public key, domain name, signature, etc. However, the private key can be leaked, which makes the certificate invalid/dangerous to keep around. In that situation, we need a mechanism to revoke certificates, and that is what I'm going to discuss in this show.

0:00 Intro
0:30 Why Certificates
12:00 Certificates can go bad
14:50 Certificate Revocation Lists (CRLs)
18:30 OCSP (Online Certificate Status Protocol)
20:40 OCSP Stapling
24:30 Best certificates are short
26:30 Summary

Stay Awesome,
Hussein
Comments

Your channel actually gives me joy. I can always expect to click on the next video and have my mind wowed and knowledge base expanded. There's just a lot about computer science I didn't know I didn't know, and this is just stuff related to the internet.

shiewhun
Your content is so satisfying to watch, thank you

smileyface
This is a great listen. While sad that these certificates and server speeds CAN be forged to attack low paying or free-ium customer, dishonoring senior members with these bad habits. The internet isn't old enough to understand of proper-lock pings while any basic tech-head can change the IP and Speed-Id to 1 instead of 8.

XSilver_WaterX
Video quality is drastically improved today. What's new here?

supersu
Fantastic explanation. I loved this channel.

vasachisenjubean
Awesome as usual. I have a question. Does the certificate revocation check need to be enforced in client-side code? Or is it taken care of by the default SDK?

deekusnotes
Great content as usual!
Something feels wrong about the framerate though...

TheOrioNation
Could you please make a video about certificates for backend engineers?

vimukthirandika
Hey Hussein, my backend takes long to respond due to TCP+SSL. What can we do to improve the connection response time of the server? It took more than 200ms just to connect to the server. Note: I am using Cloudflare to reduce DNS time but it didn't work on the first request.

AkshayKaushik
In the same way that certificates can be faulty, can OCSP stapling be faulty too? Furthermore, can an OCSP server hosted by the service give a false authentication as a malicious attack?

davidong
Is it possible for certificates to have multiple certificate authority signatures to be valid (s.t. the compromise of one CA doesn't affect all certificates)?

spencers
Do some research on the process for getting a root cert added automagically with Windows. Root certs are not there in current Windows OSes. They were back in the XP days, but since, I think, Windows 7 there's a new process. But yes, if someone adds a cert manually into the root cert store, game over, your OS now trusts that cert.

RyanBess
How can you disable OCSP on your server if clients ask for it?

bashardlaleh
7:10 DNSSEC DANE TLSA Usage 3 record of course, right?
Darn, guessed wrong again. ;-)
Edit: I know the video has gotten pretty long, but something that was missing: Certificate Transparency.

autohmae
Can you talk about SSL pinning certificate renewal strategy on Client and Server?

majidaljishi