This 11 min video was more educating than an entire Pluralsight course on how HTTPS works. Thank you for this.
It is a fact bro.... Pluralsight is just a waste of our time
Lynda too 😂
Pluralsight has such a bad rep for a reason. Wouldn't bother to give them money for anything.
It's a fact that public YouTube videos and human + AI information filtering are better than anything else. Great job
kubucation!
@@kameshkamesh9953 don't forget the money!
A lot of videos talk about what SSL is and how it works, but your video talks extensively about certificates, explaining why one needs to have it!!! Your way of explanation is very simple, without graphics or jargon. Thanks a bunch!!!
Very true
I was banging my head for 5 days to understand the SSL setup to secure my Kafka cluster..
And finally my woes are over.
Thanks from the deepest bottom of my heart
I would like to add, for clarity, that:
1. A message encrypted with a public key is used for secrecy
- The message can only be decrypted with the corresponding private key, but you cannot verify who the owner is.
2. A message encrypted with a private key is used for authentication
- The message owner can be verified if you know the corresponding public key, but is not secret.
- This is why web browsers have a record of public keys for CA Authorities - so they can verify that a "public key certificate" is signed by a real CA Authority
Great addition, thank you!
Thank you very much, that's the link I was missing.
Awesome. This helped a lot!!
This helped! thanks
so you mean to say google exposes both public key and private key? then the attackers will be able to decrypt right?
I don’t know what it is but listening to videos that explain anything about technology in detail, I find calming. Loved the video.
Beautifully made complex concept so simple to understand. All these years read multiple articles but this 11 min video just made wonders and injecting the complete concept of CA and HTTPS into my head.... Keep doing more of such wonders...
Thank you!
Dude! This is the most simple version of this complex topic I've come across. Hats off!
Awesome. Came here for a refresher on HTTPS to prepare for interview and this video was way beyond what I expected to find in such a short video. You just got yourself a new subscriber. I admire people like you who can give so much information in a short time and in a way that is so easy to understand.
Thanks a lot and best of luck for your interview!
After watching a couple of videos on HTTPS, I came to this video, now I feel that I don't need to search for any other videos.
Best explanation ever, thanks for this video.
Thank you very kindly. You explain better than most profs, teaching is an art and you’re a natural. Keep up the good work
Wow a lot of concepts in a nutshell.... Very effective!! Just one suggestion to add
- The CA certificate which is signed by the CA authority statically resides in the computer either through browser or
- If we have our own CA certificate, then we implant it into the browser by copying into it.
So practically we can also mention in the video where the CA certificate is stored in each case which is the only missing part according to me. Thanks a lot for the video again!
Indeed he has mentioned it by saying "browsers come together with many major CAs' public keys."
Best explanation ever found on YouTube till now
Pratik Joshi wtf
@@nutandevjoshi I am pretty sure you are the king of all sadist bastard in the whole world.
It's delightful how you roll the technical details out and still keep focused on the objective. Grats!
Thanks!
I like it. This video, should be 1st video to view/watch, if anyone is starting with ssl, https, tls etc.
Finally! Finally, someone explains where and how HTTPS uses symmetric keys for encrypted communication!
The diagram at 3:55 is very insightful. It manages to summarize what other videos fail to summarize in 20 minutes. Well done!
Simple and elegant explanation.. it works as apartment mail box. We provide Public address to all interested party, we buy mail box from apartment building management. USPS post mail in our mail box. Only we have private key to unlock mail box and read all mails. It similar concept applied using cryptography on digital platforms. Thank you very much for the video.
Finally!!! I’ve been looking for so long to understand it. After this video, the whole process now makes all sense in my mind.
Awesome channel by the way. Keep doing it!
Many people have the knowledge but far less people have the ability to pass it on. Kudos!
Best, clearest and most concise explanation I've ever seen about this. Kudos!
Wow Sir
I confess, even though I spent years watching videos on HTTPS,
it was a black box for me until you explained that
My RESPECT SIR
Thank you my dear man...I was looking for a technical-but-not-too-technical explanation. I am a developer who needs to know just enough and everything else I could find was too basic.
This 11 minute clip is worth more than most of the lengthy explanations and tutorials. Awesome work. Subscribed
Thanks!
Thank you for this very clear and concise explanation!
Recently my employer started with MITM monitoring and I found this tutorial video very useful in order to understand that. I also tried to understand the underlying mathematics behind RSA encryption, which was quite interesting as well, if any one of you cares to know.
This is the best, most precise and concise explanation. Thanks!
One of the best videos on YouTube. Thank you for explaining it so well.
I cannot stress enough, how informative and simplified this video..!!
Exactly what I was looking for for a long time!! Thanks a ton. This cleared all my doubts. I am marking this for future reference.
More than Indians , corona has infected other nationalities. Get your facts right. And you can stay away stop commenting unnecessarily. I liked it, I commented. Not sure what hurt you.
@@vaib8940 the word Indian is a swear word to be honest
@@nutandevjoshi youtube is accessible to whosoever can access it, just like you and me. Refrain from making such silly comments. Your problem is not understood. Indian will continue to use youtube, you like it or not, so beat it boy
@@vaib8940 I wish I could half of the Indians
🎯 Key Takeaways for quick navigation:
01:24 🌐 HTTPS is based on public key cryptography and signatures, which are simpler than they may sound.
03:28 🔐 HTTPS involves a secure key exchange process between the browser and the server.
05:04 📜 Certificate Authorities (CAs) sign certificates to ensure the identity of the server, establishing trust.
07:50 🛡️ Self-signed certificates can be used in controlled environments, but they may not be trusted by browsers.
10:52 🏭 Upcoming videos will cover self-signing certificates and automating the process with Kubernetes.
Made with HARPA AI
I have watched around 10 videos with this subject. This was the best one.
For so many years I have been just looking at https in the browser, without ever trying to know how it works. Thanks for the enlightening video👌
Goodness! Wished this video was available much earlier... much better than being taught by professors.
Yeah, right.
Exactly the overview / summary / conceptual-level starting point I was looking for - and, for quite some time, failing to find! Thank you.
This is one of the best explanations about Asymmetrical Encryption and How HTTPS works! Thanks
Here is an uncluttered easy to follow overview of public-private key-pairs and Certificate Authorities. Many educational resources fail to deliver a simple overview of this most basic of subjects. Thank you!
This video was amazing, better than any of the articles I've read. If anyone reading this wants to know more about how public key / private key works, I can recommend Computerphile's video on this.
One of the best videos for understanding SSL. I have been searching for a proper explanation since a long time and this video helped me understand what it really is.
Perfect! What I have been missing everywhere is part 03:39 where it basically says that "only private key owner (the one who created the public key) can decrypt information encrypted with this very public key". I did not understand how the public key is not compromised when sent in first place. Thanks!
This is the first video that clicked. Thanks
One of the best videos on working of HTTPS. Great work @Kubucation.
Thanks!
So far the best HTTPS video i have seen!
This is great! No messing around, no bullshit, straight to the point!
Best primer on knowing how HTTPS works and how certificates are obtained!
You know what? You are the best. Remember my words. You have explained it the best way that could be possible in this universe. I would love to see more videos on the security side.
Awesome man!! I have very rarely seen such a concise and effective video.
This is the best explanation video I have seen on Https!!!🙌🙌🙌
Thanks, man.
So actually the truststore only stores the trusted CA, not the certificates signed by the CA, is my understanding correct? For example, one CA is Google, it signed and gave the signed certs to YouTube1, YouTube2, YouTube3. But on my side, I only need to load the Google CA into the truststore, then I can connect to YouTube1,2,3. Is my understanding correct?
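Added example, not from the video or from any commenter: a Go sketch of the trust-store behaviour asked about above, also covering the "own CA" versus "self-signed" distinction raised further down the thread. The CA names and the `*.example.test` hosts are constructed for the illustration; the store is loaded with one CA certificate only and then used to check several site certificates.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// signer is a certificate together with the private key that belongs to it.
type signer struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// makeCert builds a certificate for subject. With issuer == nil it is signed
// by its own key (self-signed); otherwise it is signed by the issuer's key.
func makeCert(subject string, isCA bool, issuer *signer) (*signer, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, big.NewInt(1<<62))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: subject},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign
	} else {
		tmpl.DNSNames = []string{subject}
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	parent, signKey := tmpl, key // default: self-signed
	if issuer != nil {
		parent, signKey = issuer.cert, issuer.key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signKey)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &signer{cert: cert, key: key}, nil
}

// trusts reports whether leaf chains to a certificate in store and is valid for host.
func trusts(store *x509.CertPool, leaf *x509.Certificate, host string) bool {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: store, DNSName: host})
	return err == nil
}

// scenario loads ONE CA into the store and checks several site certificates.
func scenario() (map[string]bool, error) {
	ca, err := makeCert("Constructed Root CA", true, nil)
	if err != nil {
		return nil, err
	}
	otherCA, err := makeCert("Constructed Other CA", true, nil)
	if err != nil {
		return nil, err
	}
	store := x509.NewCertPool()
	store.AddCert(ca.cert) // the only entry; no site certificate is ever loaded

	res := map[string]bool{}
	hosts := []string{"site1.example.test", "site2.example.test", "site3.example.test"}
	for _, h := range hosts {
		leaf, err := makeCert(h, false, ca)
		if err != nil {
			return nil, err
		}
		res[h] = trusts(store, leaf.cert, h)
		if h == hosts[0] { // same certificate presented for a different name
			res["wrong-host"] = trusts(store, leaf.cert, hosts[1])
		}
	}
	foreign, err := makeCert(hosts[0], false, otherCA) // signed by a CA not in the store
	if err != nil {
		return nil, err
	}
	res["other-ca"] = trusts(store, foreign.cert, hosts[0])
	self, err := makeCert(hosts[0], false, nil) // truly self-signed site certificate
	if err != nil {
		return nil, err
	}
	res["self-signed"] = trusts(store, self.cert, hosts[0])
	return res, nil
}

func main() {
	res, err := scenario()
	if err != nil {
		panic(err)
	}
	fmt.Println(res)
}
```

The three site certificates verify although only the CA is in the store; the certificate from the other CA, the self-signed one and the wrong-hostname case are all rejected.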
Thanks for this - I can see myself coming back to this explanation time and time again, it's so clear.
Thank you so much for this GREAT video. Finally understood how it all works. PLEASE make more videos like this because you really know how to explain things.
Thanks! Do you have any suggestions of complex topics you'd like to have explained?
Has to be one of the best explanations ever, simple and to the point. Awesome job, thanks!
This is the best video on encryption I could reach on YouTube, I would have appreciated it if TLS and SSL were brought into it as well though.
How on earth did you create this magic. After an eternity I could understand what's happening in the black box. Thank you.
There is no magic. Period
@@nutandevjoshi care to start with yourself ?
@@ameyapatil1139 I am not an unwanted Indian.
@@nutandevjoshi keep your own dumb unwanted opinion to your self
What an explanation! So much clarity and very well explained. Thank you so much for doing this!
Explanation is as transparent as water. Thank you.
A very good explanation, found after a lot of searching, of how browsers trust the server cert. Thank you very much. One thing I would say: what kind of creatures are those who have disliked this video, shame on you.
Thanks! I can understand the dislikes. First of all, they're in a healthy ratio, less than 2% of votes are dislikes. That can be anything from "I don't like that guy's voice" to random noise created by bots. The 98% likes are high enough for me to gladly accept the other 2%. Having said that, while very helpful the video also isn't perfect. There are a few minor mis-speaks (another commentator pointed out I mixed up "key" and "certificate" at some point), etc. I have a healthy dose of pragmatism and don't expect every single video I watch or make to be absolutely perfect. Viewers shouldn't replace their own critical thinking with watching a video like this. It's a 10ish minute overview over a complex topic in a simple fashion. Some things are bound to be oversimplified in this case. But watching the video doesn't prevent anyone from picking up a book or read a more in-depth article afterwards. It seems 2% of voters demand absolute perfection (or don't like my voice, style, or even the font Helvetica ;-) ) I can live with disappointing them if the other 98% are happy.
This explanation is simply superb. It shows art of teaching as well :)
When YouTube sends a certificate signing request to the CA, how does the CA actually ensure that it's actually YouTube that did it and not someone claiming to be YouTube?
YouTube sends its key pair with the certificate, requesting to sign it. Hence the CA can know it's YouTube itself who is sending the certificate to sign.
CAs authenticate requests via different means (email the public key to administrator @ youtube and ask them if they want the key signed, call the number in their whois, look up the business registration and call that number, or others).
In short there is a unique mathematical combination of two keys (public and private key). YouTube signs in with its private key, which can only be decrypted by its public key (which is in the public domain, also with the CA). No other private key assigned to a particular vendor (other than YouTube, in this case) can be decrypted by the public key of YouTube. It follows the principle of non-repudiation and confidentiality
Nemo G Rubbish. The private key is never sent anywhere, let alone to the CA. Otherwise it wouldn't be private and the key pair would be compromised. Don't post misinformation. The CSR contains a digital signature created with the private key, so that the CA can verify that the applicant owns the public key. There is also an offline process whereby the CA verifies the identity of the applicant.
Signing a CSR (Certificate Signing Request) with an external/public CA, involves confirming identities (I imagine calls will be made to the organization to confirm their identity and the public key they wish to sign. It's not an automatic task, but will certainly require human intervention). The actual signing doesn't take more than a few seconds, but the confirmation and verification can take some days.
At last. A video that gave me answers to my questions!!! Thank u brother! Come over for a beer!
I'm learning cryptography and how https works and this video helped me to understand the concept easily.
I have a small question.
(3:40) Is there a reason behind the browser generating a new secret key, instead of using the public key shared by the server (to encrypt the messages)? I'm not sure why to generate a new secret when we already have a key. As the server alone (with the private key) can decrypt the message, the communication will still be secure.
Symmetric encryption (the new key which both parties own) is much faster than asymmetric encryption. Additionally since both have the key, both can encrypt and decrypt. This means not only can the browser encrypt something which the server can decrypt, but also the other way round. With public key encryption only one way would be possible - as the browser doesn't have a publicly known and trusted key which the server could use to encrypt a message for the browser.
@@kubucation Thanks for the Quick reply. I have much clear understanding of the concept now.
Somebody has earned himself a subscription from an unknown stranger from the internet. Nice work.
Thats a damn clear explanation! It has addressed all my doubts. Thanks.
Great video,.. Finally i could get a clear picture of how HTTPS works,...
Just wanted to know why the Diffie-Hellman algorithm is not used here to exchange a session key securely between client and server. Instead, you mentioned the session key is encrypted using the server's public key by the client. Is the DH algorithm not needed here? All your videos are awesome to watch and to gain knowledge. Thank you
Simply clever and awesome way to depict a complex piece! Nice indeed.
Best explanation on YouTube on this topic. Thank you sir
No other video on YouTube mentioned that the asymmetric keys method is just to deliver the key that will be used later in a symmetric encryption communication! Thanks a lot!
Thank you for this. I am still struggling to understand but this video helped more than anything I have seen.
Great explanation! So much information in such short time is a form of art
Ok, i only saw it halfway. And the first part already started to make clearer sense to me. Background: a friend of mine explained this to me without me having any idea of the who does what and why. This video puts things (what I've been taught earlier and what is now being displayed) into perspective. Kudos :)
This video 100% clarified my perception on HTTPS
Thank you for your time and efforts with this video. I 100% completely understand how HTTPS works with the browsers now with self-signed and CA. This even answered a question I had with a security software my company uses and a certain error message I would see. Great work!
Very clear explanation to refresh our knowledge, thanks
This video has helped me a lot in understanding how the HTTPS works , Thanks for explaining so clearly . Just Perfect :)
5:25 is not a self-signed certificate.. don't confuse the beginners..
it is your own CA..
self-signed is signed by himself..
Thanks. It's not the easiest thing in the world to understand but you did a good job explaining it.
This is fantastic! The best explanation on youtube !
This has to be one of the best HTTPS explanations on YouTube
Wow. Mate, you have amazing skills at explaining things. The neatest and best explanation of HTTPS which I have ever seen on the internet. Keep up your good work.
@3:55
1. Does the browser generate a new key pair and send both to the server (both browser & server have a new key pair)?
2. When using a new key pair, which key does the server use to encrypt and send data back to the browser (encrypted using a new public key or just signed using a new private key)?
Public and private key pair is asymmetric stuff. What the browser does at 3:55 is generating a symmetric session key, so the same key will be used by both parties for encryption and decryption. A little oversimplified, but that is the idea.
PurnaChand Medisetty Not 'oversimplified' but completely wrong. The browser does not send the secret key in any way. It is negotiated via a key agreement protocol.
This was such a good explanation. Thanks for completely eradicating a blind spot for me.
This is one of the best videos made on HTTPS. Thank you!
This is the best video on trusted certificates!
Hi,
I signed in just to say
Thank you very much for explaining this to me. Your video finally helped it click for me.
The best video resource for understanding HTTPS !!
Best explanation on YouTube on this topic. Can you please give a coding example of this video?
Great explanation. Cannot we just use Diffie Hellman Key exchange to share symmetric key despite using CA and the whole handshake you explained.
#2 prerequisite is unclear: if only the owner of the private key can encrypt a message with the public key, then how come the browser does that (to send the secret)? So rule #2 must refer to signing only, right?
Also this is how I got it, please correct me if I'm wrong:
There are 2 rules behind how this works:
1. a public key can only be decrypted with the private key
2. a certificate can only be signed with the private key.
The browser/server "dance" based on these rules is:
- browser asks site and receives certificate, signed by trusted authority
- browser checks that the public key used to sign the certificate belongs indeed to the trusted authority (and based on rule #2 knows the certificate is indeed signed by the authority)
- the certificate contains the public key of the site, which the browser uses to encrypt a secret
- the server decrypts the secret using the private key
- from now on all communication is encrypted with the secret
6:00 does the certificate signing request contain only the public key? I think the answer is yes, but the video shows that the certificate signing request contains the key "pair". So, I'm a little confused there. Excellent tutorial by the way.
I had the same question. According to Wikipedia, you are right, the request only contains the public key (which makes sense). en.wikipedia.org/wiki/Certificate_signing_request
"[...] It usually contains the public key for which the certificate should be issued, identifying information (such as a domain name) and integrity protection (e.g., a digital signature). [...]"
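Added example, not from the video or from any commenter: a Go sketch of what a CSR carries, relevant to the question just above and to the earlier exchange about how a CA knows who sent the request. It covers only the automated proof-of-possession check; validating the applicant's identity is a separate process. The host names are constructed, and `withSwappedKey` is a hypothetical helper that builds a negative test case.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
)

// newCSR plays the site operator: it generates a key pair, keeps the private
// key local and returns the DER-encoded CSR that would be sent to the CA.
func newCSR(host string) (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.CertificateRequest{
		Subject:  pkix.Name{CommonName: host},
		DNSNames: []string{host},
	}
	// The private key is used only to sign the request; it is not embedded.
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, nil, err
	}
	return key, der, nil
}

// caCheck plays the CA's automated step: parse the request and verify its
// signature against the public key inside it (proof of possession).
func caCheck(der []byte) (*x509.CertificateRequest, error) {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("proof of possession failed: %w", err)
	}
	return csr, nil
}

// leaksPrivateKey reports whether the private scalar appears in the request bytes.
func leaksPrivateKey(der []byte, key *ecdsa.PrivateKey) bool {
	return bytes.Contains(der, key.D.Bytes())
}

// withSwappedKey (hypothetical helper) returns a copy of the request whose
// public key field is replaced by other while the old signature is kept.
// Both keys are P-256, so the encoded field has the same length.
func withSwappedKey(der []byte, other *ecdsa.PublicKey) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return nil, err
	}
	spki, err := x509.MarshalPKIXPublicKey(other)
	if err != nil {
		return nil, err
	}
	return bytes.Replace(der, csr.RawSubjectPublicKeyInfo, spki, 1), nil
}

func main() {
	key, der, err := newCSR("www.example.test")
	if err != nil {
		panic(err)
	}
	csr, err := caCheck(der)
	if err != nil {
		panic(err)
	}
	fmt.Println("subject:", csr.Subject.CommonName)
	fmt.Println("public key matches applicant's key:", key.PublicKey.Equal(csr.PublicKey))
	fmt.Println("private key present in request:", leaksPrivateKey(der, key))

	other, _, err := newCSR("other.example.test")
	if err != nil {
		panic(err)
	}
	swapped, err := withSwappedKey(der, &other.PublicKey)
	if err != nil {
		panic(err)
	}
	_, err = caCheck(swapped)
	fmt.Println("request naming a key the signer does not hold:", err)
}
```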
This was a very helpful and informative overview of HTTPS and certificates. Thanks for the video and best of luck on your channel!
Wonderful explanation.... thanks for creating such an informative video!!!!!
Best learning about SSL I have ever seen!!!
super video consolidated 1 hours of knowledge in 11 mins😇😇 can not believe you are so precise in your words and knowledge , keep the good work like this , really cannot stop myself to give this comment , awesome , fantastic ,mind blowing , superb, i do not have more words to say🏆🏆🎖🎖
4:06, the "AHA!" moment
Appreciate it and keep up the good work!
What an amazing explanation!!!! Thanks so much for such a clear and simple tutorial of how https works...
Thanks a lot for condensing this important concept in 11 mins and explaining in a simplified manner.
I happen to know in my previous learning that there is also a Diffie-Hellman key exchange. So it appears that the symmetric key exchange is done through asymmetric method. I only have rough idea but wondering if handshake procedure can still vary.
Regarding the self-signed certificate. Should the Certificate Authority be placed on a third application/machine, or can the CA be on the same machine as the host application? Because I can't see a problem doing it like that, but I might have overlooked something.
Great informative video explaining just what is needed and wasting no time. Very good job!
Amazing explanation. That was a great way of explaining a complex subject in a very understandable way! Loved it.
Oh wow this was such a beautifully crafted explanation, thank you so much Kubucation
The absolute best and simplest explanation.....using this style pls do more stuff ;-)