Комментарии:
amazing explanation, thank you ☺️
Ответитьbest explanation still
ОтветитьDid not lose my attention for 1 sec..it was quite deeply informative and engaging
ОтветитьCan we share zscaler root certificate to anyone??
ОтветитьAmazing video !
ОтветитьMaaaaan, That was crazy simple explaination. Enjoyed it. Thanks a lot.
ОтветитьAbsolutely awesome ! Very well explained and I loved the Kazakhstan anecdote to illustrate the problem that could happen. Thank you so much !
ОтветитьPlease make a video on how they are created and also about root certificate aaaaand certification with regards to antivirus and application software
ОтветитьHussein, thank you for your videos I've been watching a few of them last few days and noticed today in your background you have a bunch of programming books. How useful would you say it is reading books to truly understand a concept vs just either just getting dug in the problem or watching videos etc.?
E.g. lets say there is a concept I really need to understand in Azure and how to setup certificates, key rotation and be able to setup some form of automation testing. Now I have such limited knowledge on everything that entails.. when do you think is a good idea to just slow down and pick a book up rather than attack the problem head on always? This might be a video idea for you!
Really helpful video. Excellent and clear explanation. Just subscribed ur channel, continue to create more such videos 👍
Ответитьyou just made things simple.good job!
ОтветитьI have a Skills Proficiency certificate for Basic Plumbing... Those that mean I'm a Plumber?
ОтветитьThanks Hussein for all of this. Helps a lot! Can you (or anyone reading this) expand on why the man-in-the-middle can't just forward the certificate provided by Google to impersonate Google for example. That's the only piece im missing!
ОтветитьWhat if there happens to be a MITM attack between google server and certificate authority and the attacker gets certificate sent by CA to google?
ОтветитьIf I on my browser can get google signed certificate, can't man-in-the-middle get it too and forward it back to the client?
Ответить@hnasr, can you help me pls? I am opening exe file with 7zip and have .tls (empty file in Windows CRLF encoding) and CERTIFICATE ( file in Macintosh CR encoding, where all symbols messed, except strings indicating urls to .crl and CA names) Can you reproduct the same on your exe and explain what this .tls stands for? And how to decode CERTIFICATE?
ОтветитьThe example of Kazakhstan helped me understand the whole topic 😂
ОтветитьI could be mistaken but it may be wise to apply Preventative maintenance efforts when it comes to the CMOS battery. Again I could be misunderstanding but if the CMOS battery fails or the NTP server, this may require manual peer list to align with the domain controllers. Are these concerns? Maybe a good discussion you can shine light on? I’m guessing locking out all end user accounts will allow to re-sync. Is this paranoia? Or do I have the right idea?
ОтветитьExcellent! Thank you! One question: What stops the man-in-the-middle from taking the certificate he recieves from google and passing it on to the client?
ОтветитьSTOP TRAILING OFF YOUR SENTENCES INTO LOW VOLUME!!! Some of us are trying to HEAR things explained.
ОтветитьThis video was literally so helpful. We really need more people who teach like you in computer science.
ОтветитьPoor Karen... even "man in the middle" has become "Karen in the middle" now :D
ОтветитьGood stuff here. I love the 'why' approach to teaching with the real life example. To solidify the knowledge you add the memorable story about Kazakhstan. Thanks for this
ОтветитьIs he on crack
ОтветитьTop tier video, literally watched it through and through. Thank you!
ОтветитьExchange migration could be one useful when here.. however the very real issue (most overlook) is in order to keep 'that trust' the new server must be the same...During a live migration, this is technically impossible, as two servers cannot have same name on network, and allot of things break if you try and change name on new one to old name afterwards...
So MS, and probably few others, just say "its not advised" and its more convent to just "get new one"
Well.. ya, if you wanna go down THAT path, but sometimes you just wanna keep the name.. Everyone goes silent.. And besides,,, it will save the cost of a cert by moving one over.. These days,, i think no one wants people to migrate certs is not because it cannot be done, but because everyone wants $$$$$
very well explained
Ответитьgreat explanation thank youu
ОтветитьIt looks like you have a great content and you know a lot, but unfortunately I cannot bear your expression style. It is like too overacting to me.
So I won't dislike, but I am out. I hope you accept my honest feedback with no bad feelings, it was meant just to share opinion and maybe make you improve the delivery, so it can produce the highest value to the maximum number of people ;)
How CA verifies that those who claiming to be google are actually guys from google and not random guy claiming to be google?
ОтветитьMy new android comes with root CA from China, Hong Kong, Taiwan, Japan, and a few other countries. Wouldn't I want to shut those off? Why would my device need to trust their site?
ОтветитьThank you for the explanation!
ОтветитьBeautiful explanation thanks!
ОтветитьDude youre awesome! Thanks a bunch for this video!
ОтветитьGreat video. I have one question, why can't google themselves provide a certificate? For example, if they encrypt a file with their private key and send it back to you and then you use their public key to decrypt the file. Since you're using their public key to decrypt the file, that means that only the person who had the private key could have encrypted that message.
I understand this might be difficult to implement because instead of keeping track of a few CA public keys you would need to locate the public key of each endpoint you were communicating with.
Hello
Nice video...can you explain what is an intermidiated certificat?
THANKYOU.
ОтветитьGreat informative video Hussein; I got a doubt about how servers generate public and private keys which are already not registered with CA? suppose "server A" generated a key pair and sent it to the CA(only public key, as your pinned comment says) then "server B" generated the same key pair and send it to the CA, how CA will handle this ambiguity? I don't know what I am saying is even correct...
Ответитьis that possible to have a illustration it would be way more better to understand it! thanks!
ОтветитьGreat video, thank you for taking the time to make it.
ОтветитьSo even with an Asymmetric key using both public and private on both ends can the information still be intercepted as explained or was this lesson in reference to symmetric single key encryption?
ОтветитьIs my certificate of authority downloadable? If yes what is it called on FMSCA portal? Thanks
ОтветитьThanks a lot for the great explanation.
Ответитьyou're fantastic!! I can't wait for your videow to absolutely blow up, great quality
ОтветитьI think we need to redefine what "authority" is
ОтветитьGreat explanation...
ОтветитьThanks.
Ответить