Thank you very much. This was extremely useful. You took a very confusing and convoluted process and made it as easy to understand as possible. I was able to setup certs on several home servers that I've been trying to figure out for years. I really appreciate your time making this video. Very helpful.
Hi Christian, I have been watching your videos for ages and with your help I have grown my little raspberry pi "home lab" out into 3 separate servers running more services than I have any business or need to run. I enjoyed this video and it was very informative. Thank you for all the help and wish me luck setting up my own CA.
I subscribed last week, mostly because I'm into Docker and you seem to cover it a lot. You've already proven to be quite useful with this tutorial, which I ran into completely by coincidence. Just wanted to say I really appreciate you, thanks!
I've been trying this for weeks, and you managed to make me understand and actually learn something about certificates. Indeed, you are an excelent teacher! Thanks a lot
thank you, just a note , the file extfile.cnf has to be encoded in utf-8 , you can convert it via visual studio code , otherwise an error will show up "x509: Error on line 1 of config file "extfile.cnf" 8C520000:error:07000065:configuration file routines:def_load_bio:missing equal sign:crypto\conf\conf_def.c:513:HERE--> ■sline 1"
Hello Matifuska, I am running into the same issue. Can you explain me how I encode it into utf-8? I used the Terminal of VS code, but how do I convert it into utf-8?
Thank you. I was tearing my hair out looking for that error in search engine but it didn't help at all. Also, I did all this on Windows and give this error, but i tried again in debian/linux and it works out okay.
I was searching to really solve this trusting issue puzzle for years by relying on Windows CA role and has been impossible. Endless gratitude to you !!!
Thanks a million! I was following some other documented tutorials and none of them seem to explain what is important and what is not. I didn't have a DNS name so I had to rely on IP addresses. After spending 2 days of trying to setup SSL certificates, I finally found and followed your video and it just worked straight away!
Thanks Bro. This explanitation gave me the needed steps to finally learn the SSL certificate concept and creation. All of my internally hosted consols are now secure. It was even possible for me to adjust my certificate chain for a cisco wlc which I wanted to start using. Without your instructions, I couldn't have made this jump. Vielen Dank!
Thank you so much. I had been annoyed by this for a long time. I appreciated very much your way of explaining things with just the level of details needed (at least in my case). I could follow the steps one after the other and it worked fine. I wrote down the process to repeat this in the future. Thank you so much again, from France.
Nice overview about CA's and how Windows trust certificates from websites. And well detailed explanation about the steps to generate a valid certificate. It really comes in handy to me right know, because I was dealing with some troubles to generate a certificate to a local system in my job. Thank you very much! Keep it up! 👏👏👏
Great video! You've corrected the topic in great detail. This will be my reference video on this topic. Keep producing video on these interesting topics. You've got a new subscriber
I had so many issues before trying to get SSL working on my VMware ESXI Server. Now I just used all the steps in this video and replaced the .csr file with the "Generate FQDN signing request" text (copied and put in a text file) that you can generate in ESXI. It instantly worked. Before this Video I "broke" my server so I couldn't access it from the webinterface anymore (had to plug in Monitor & Keyboard to find out that the SSL Certificate was invalid so the webserver didn't start). Thanks for making it this easy to follow👍
Thanks for doing this. I watched it several times (and reviewed your very helpful 'Cheat-sheets' on git). I understand the process for setting up internal CA (with respective keys), as well as the signing request process. BUT, I'm still not sure how to go about creating certificates that have *wild-cards* for an IP range so that I can use more broadly in my home lab environment. I'll keep plugging away with some other how-to tutorials, and eventually I'll have the 'Eureka' moment and it'll all make sense. Nonetheless, your tutorial was very good and much appreciated. Cheers.
Really great, it's been a while since I was looking for this, i've implemented the same concept in Pfsense and made a web server to distribute the CA certificate to others devices
Thanks so much for this video. It really helped me a lot. For a long time I was having problems with other tutorials tying to configure this, and with your video I managed to get everything working really fast. Thanks again!
Thank you for your time and knowledge, an invaluable help, especially because you turned something complex into a simple one, thank you, it has helped me a lot
In addition to this, if you are running Linux a self signed cert also helps you with signing your bootloader and enable secure boot properly ;) ..fun video always enjoy your passion with them!
Thanks for making this video, great explanation of how it all works, reassuring to see all the reading of separate info I've been doing was in a simple video.
Hi Christian, endlich mal eine verständliche und funktionierende Anleitung, wie man selber Zertifikate für sein Homelab erstellen und einsetzen kann. Sehr gut, danke dir! Ich möchte an dieser Stelle auch noch einmal erwähnen, dass ich neben deinen Videoinhalten auch in besonderem Maße die Qualität deiner Videos (Sound, Bild, Schnitt, Lautstärke, Farben, Abstimmung, Präsentation, Darstellung, Stimmung etc.) zu schätzen weiß. Nach meinem Empfinden bildest du damit einen Standard, an den derzeit kaum jemand heran kommt. Weiter so. Uppps, jetzt habe ich doch instinktiv in deutsch geschrieben 🙂
@@christianlempa what ad blocker are you using? the new/blank web page shows 228,000 ads blocked and bandwidth saved. Thanks! and thanks for this video!!
Ok but this is freaky. I was looking for a decent tutorial the whole of today and knew you mentioned it before but couldn't find it lol. At least I know where to look now
Thanks a ton! I have fond memories of adding SSL certificates to web 1.0 programs lol like deadAIM n such. Been really wanting to know more about its potential applications now adays. Appreciate the info. ~
Thanks for taking the time to put together this video tutorial. I understand how to follow through the steps as you're doing them, but unfortunately I don't understand WHY I'm doing it at each step and what each step is doing for me, because there were too many words being spoken and it was confusing. One of the things I was not initially clear on, but now understand why is that I needed to add a linux distro in my lab environment to run openSSL. That's one more thing for me to have to manage! Also, where does it put the files it made? I can't find them. Forgive my rookie questions, first time I'm ever doing this. Very new to linux and to openSSL. Total NOOB here with certificates.
Just trying to mind my own business, watch this vid and learn some stuff when at 1:43...are those Bishop boulders/ Eastern Sierras I see?? Way to win the 'like' smash before the lesson even starts! 🙂 Even if they aren't, great shot/pebbles nonetheless...alright, now time to learn!
Great video, Christian, quick q:n In the git repo, the ssl-certs cheat sheet page that contains all the instructions @timestamp 13:41 of the video was missing. Did see a list of commands under tools, but could not find the instructions referenced in the video. Thanks again for an excellent video
Thanks that worked well except the last step, I had to manually import the ca cert in brave browser (Setting > Privacy and Security > Security > Manage certificates > Authorities > Import) and then it worked :-)
Also the use of ADCS (Active Directory Certificate Services) to create digital certs and ADDS (Active Directory Domain Services) to deploy to all Windows computers attached to the domain.
Okay, I did it. Finally I got that regular padlock in the corner of my browser ^) BTW Ubuntu/Firefox want certificates with '.crt' extension. '.pem' don't work with update-ca-certificates command and aren't imported to firefox.
Thank you very much you SIR!!! you are my go-to youtube channel for my IT carreer! Quick question: what terminal software you used in this video? the UI looks so clean. Thank you
Thank you very much. This was extremely useful. You took a very confusing and convoluted process and made it as easy to understand as possible. I was able to setup certs on several home servers that I've been trying to figure out for years. I really appreciate your time making this video. Very helpful.
Glad it was useful! Thank you ;)
Hi Christian, I have been watching your videos for ages and with your help I have grown my little raspberry pi "home lab" out into 3 separate servers running more services than I have any business or need to run. I enjoyed this video and it was very informative. Thank you for all the help and wish me luck setting up my own CA.
I subscribed last week, mostly because I'm into Docker and you seem to cover it a lot. You've already proven to be quite useful with this tutorial, which I ran into completely by coincidence. Just wanted to say I really appreciate you, thanks!
Thanks man! :)
Might be the most important video I've watched in 5 years, wow. Thanks SO much for this, very well done!
Glad you enjoyed it!
I've been trying this for weeks, and you managed to make me understand and actually learn something about certificates. Indeed, you are an excelent teacher! Thanks a lot
Thank you so much! Glad it helped :)
Your video came just in time to save my day.
Didn't know i could be a CA as well create a SSL certificate.
Amazing
Thanks! Glad you liked it :)
thank you, just a note , the file extfile.cnf has to be encoded in utf-8 , you can convert it via visual studio code , otherwise an error will show up
"x509: Error on line 1 of config file "extfile.cnf" 8C520000:error:07000065:configuration file routines:def_load_bio:missing equal sign:crypto\conf\conf_def.c:513:HERE--> ■sline 1"
THANKS! You can also use Notepad++ at the "Encoding" tab and save.
But powershell script would be the simplest i think :/
Hello Matifuska, I am running into the same issue. Can you explain me how I encode it into utf-8? I used the Terminal of VS code, but how do I convert it into utf-8?
Okay I found it, on the bottom right of the window is it. In my case it was in UTF-16 LE, the change to UTF-8 solved it. Thank very much!
Thank you. I was tearing my hair out looking for that error in search engine but it didn't help at all. Also, I did all this on Windows and give this error, but i tried again in debian/linux and it works out okay.
I was searching to really solve this trusting issue puzzle for years by relying on Windows CA role and has been impossible. Endless gratitude to you !!!
thx ;)
Thanks a million! I was following some other documented tutorials and none of them seem to explain what is important and what is not. I didn't have a DNS name so I had to rely on IP addresses. After spending 2 days of trying to setup SSL certificates, I finally found and followed your video and it just worked straight away!
Thank you! Glad that it helped ;)
Thank you very much for this video. It cleared long standing confusion of Root CA and self signed certificates.
Glad it was useful :)
Thanks Bro. This explanitation gave me the needed steps to finally learn the SSL certificate concept and creation. All of my internally hosted consols are now secure. It was even possible for me to adjust my certificate chain for a cisco wlc which I wanted to start using. Without your instructions, I couldn't have made this jump. Vielen Dank!
Thank you so much. I had been annoyed by this for a long time. I appreciated very much your way of explaining things with just the level of details needed (at least in my case). I could follow the steps one after the other and it worked fine. I wrote down the process to repeat this in the future. Thank you so much again, from France.
Thank you! Im glad you enjoy the content :)
Nice overview about CA's and how Windows trust certificates from websites. And well detailed explanation about the steps to generate a valid certificate. It really comes in handy to me right know, because I was dealing with some troubles to generate a certificate to a local system in my job. Thank you very much! Keep it up! 👏👏👏
Thank you! Glad it helped :)
Thank you very much for opening up your Cheat Sheet doc.
Wanted to find a good place for my own and you have truly inspired a Good Working Practice 😊
Great video! You've corrected the topic in great detail. This will be my reference video on this topic. Keep producing video on these interesting topics. You've got a new subscriber
I had so many issues before trying to get SSL working on my VMware ESXI Server. Now I just used all the steps in this video and replaced the .csr file with the "Generate FQDN signing request" text (copied and put in a text file) that you can generate in ESXI. It instantly worked.
Before this Video I "broke" my server so I couldn't access it from the webinterface anymore (had to plug in Monitor & Keyboard to find out that the SSL Certificate was invalid so the webserver didn't start).
Thanks for making it this easy to follow👍
Thanks, glad it was helpful 😀
Thank you for splitting the video into segments, I already knew the basics and could just skip ahead to relevant parts.
You're welcome :)
just started to dip my toes into self signing so this is wonderful timing that you to made a fresh video about it.
🤗
Thank you! Glad it's helpful 😀
Hands down, absolutely outstanding work. Thank you so much for this video. I absolutely loved it. You earned a sub!
This was exactly what I needed to understand the cert-creation process. Thank you, and I have now subscribed to your channel :D
Thanks! Glad it was helpful 😉
Hi Christian, thank you for that video, it is exactly what I was looking for, followed your steps and it works perfectly. You got one more subscriber.
Thank you so much :)
Thanks for doing this. I watched it several times (and reviewed your very helpful 'Cheat-sheets' on git). I understand the process for setting up internal CA (with respective keys), as well as the signing request process. BUT, I'm still not sure how to go about creating certificates that have *wild-cards* for an IP range so that I can use more broadly in my home lab environment. I'll keep plugging away with some other how-to tutorials, and eventually I'll have the 'Eureka' moment and it'll all make sense. Nonetheless, your tutorial was very good and much appreciated. Cheers.
Thanks a lot! This was superb! Now I can create the certificate to my homelab!
Glad it was useful :)
Really great, it's been a while since I was looking for this, i've implemented the same concept in Pfsense and made a web server to distribute the CA certificate to others devices
Thanks :)
best explanation ever, thank you so much. for the first time, i actually understand ssl certs
After a very long time struggling with it I finally got it working thanks to you! Thank you!
You really know your stuff. So much information in 25 minutes!
Thanks so much for this video. It really helped me a lot. For a long time I was having problems with other tutorials tying to configure this, and with your video I managed to get everything working really fast. Thanks again!
I don't have enough words to thank you !!!!! You saved a life here..
Thank you! Glad you liked it 🫶
No worries, Christian I am very deep into encryption and you explained it just fine and it was not over simplified from a high level it was on point.
Thank you so much :)
@@christianlempa thanks to you!! Entertaining content. My favourite YT Aleman ;-)
Thank you so much, very informative and has finally enabled me to get rid of the annoying warning message when logging into my nas. Great job!
Awesome! Thanks
Thx for the fullchain tip. I had read about it in the Proxmox docs, but just the standalone cert worked for me :)
Np bro! ;)
Thank you for your time and knowledge, an invaluable help, especially because you turned something complex into a simple one, thank you, it has helped me a lot
Thanks!
Awesome -> Simple and Step by Step guide
Thanks man loved your video and simplicity
Thank you so much 😊
Always great content!
Re-watch it?? Not only, study it!!
Absolutely interesting and useful.
Thank you and keep on with this excellent content
Thanks for the kind words
In addition to this, if you are running Linux a self signed cert also helps you with signing your bootloader and enable secure boot properly ;) ..fun video always enjoy your passion with them!
thanks mate ;)
Wow ... amazing !!! ... your step by step is exactly what I need ... and it's working A1 ... thank's for your generosity :)
love the videos pal - literally just finished watching several of your nginx proxy manager videos!
Thank you so much :)
Thanks for making this video, great explanation of how it all works, reassuring to see all the reading of separate info I've been doing was in a simple video.
Thank you so much! ::)
That's exaclty what I did when decide to move all my home network to SSL couple of weeks ago, glad to see we are on the same wave :)
Oh cool, that's funny :D
Hi Christian, endlich mal eine verständliche und funktionierende Anleitung, wie man selber Zertifikate für sein Homelab erstellen und einsetzen kann. Sehr gut, danke dir! Ich möchte an dieser Stelle auch noch einmal erwähnen, dass ich neben deinen Videoinhalten auch in besonderem Maße die Qualität deiner Videos (Sound, Bild, Schnitt, Lautstärke, Farben, Abstimmung, Präsentation, Darstellung, Stimmung etc.) zu schätzen weiß. Nach meinem Empfinden bildest du damit einen Standard, an den derzeit kaum jemand heran kommt. Weiter so. Uppps, jetzt habe ich doch instinktiv in deutsch geschrieben 🙂
Vielen Dank! Freut mich, dass dir die Videos so gut gefallen, da du einer meiner langjährigen Zuschauer bist :D
@@christianlempa what ad blocker are you using? the new/blank web page shows 228,000 ads blocked and bandwidth saved. Thanks! and thanks for this video!!
It is absolutely nuts how many subs you have now. Congrats man! I have been studying to get some certs lately so I'll see how it goes!
Thank you so much :D I still know when we're following each other since the very beginning of this channel ;)
Very helpful, helped filled in some knowledge gaps in private CA's.
Thx! Glad it was helpful ;)
Thanks bro
@@christianlempa
Thanks for this video, your documentation is amazing, it makes it very easy to follow your instructions and I now understand what's happening...
Thanks 🙏
I autommatically press like when i see your videos. Awesome guy!!!!🙂🙂🙂🙂
Very good explanations. The part I was looking for was how to import the ca certificate into the client devices.
Great demo, thx a lot.
You clarified the topic very well.
Thank you for the kind words! :)
Thanks!
Thank you for your support 🥰
Excellent will use it today ! Thanks for documenting all process !
Subscribed. I'm trying to keep my subscriptions list tidy, so take it as a massive compliment!
Thank you 😊
Very great video! This was exactly what I've been looking for days and days. Very helpful. Thx! Keep it up
Thanks, will do!
Thank you for demystifying the concept! It helped a lot!
Ok but this is freaky. I was looking for a decent tutorial the whole of today and knew you mentioned it before but couldn't find it lol. At least I know where to look now
Haha nice :D
Thanks a ton! I have fond memories of adding SSL certificates to web 1.0 programs lol like deadAIM n such. Been really wanting to know more about its potential applications now adays. Appreciate the info. ~
Thanks for taking the time to put together this video tutorial. I understand how to follow through the steps as you're doing them, but unfortunately I don't understand WHY I'm doing it at each step and what each step is doing for me, because there were too many words being spoken and it was confusing. One of the things I was not initially clear on, but now understand why is that I needed to add a linux distro in my lab environment to run openSSL. That's one more thing for me to have to manage! Also, where does it put the files it made? I can't find them. Forgive my rookie questions, first time I'm ever doing this. Very new to linux and to openSSL. Total NOOB here with certificates.
This was exactly what I was looking for.
Helped a Ton!
Thanks
Thanks! Glad that it helped you :)
Thank you, this is just what I was looking for! Very helpful, great video!
You're welcome 😀
Just trying to mind my own business, watch this vid and learn some stuff when at 1:43...are those Bishop boulders/ Eastern Sierras I see??
Way to win the 'like' smash before the lesson even starts! 🙂 Even if they aren't, great shot/pebbles nonetheless...alright, now time to learn!
You are awesome man! Very clean explanation
Glad it helped!
Excellent tutorial. Thanks so much.
Thank you! :)
Thank you so much. You just earned a subscriber here. Great content.
Finally the answer to the most headache of running a home lab!
Thank you :)
thank you so much bro I was going around in circles until I got to this video
Glad it was useful! :D
Loved the video! And yes, please do a deep dive video as well 😇
Thanks! :) Great idea, I like to do more videos about network protocols and security
thank you so much! finally found a working solution at first attempt
Great video Christian! Thank you very much for sharing it with us!💖👍😎JP
Начало видео - "Какой чувак стремный"
В конце видео - "Красавчик, умный, стильный"
Where can I find your notes from this video? I could not find it on your github. Great tutorial. Thank you.
Thanks for the heads-up! I've uploaded the cheat-sheet on my Patreon page, link in the description updated :)
@@christianlempa 🤣
Excellent presentation and content! Bravo and thank you!!
Thanks!
One of the best tutorials thanks!
Glad it was helpful!
Excellent video. Very informative. Good job.
Great video, Christian, quick q:n
In the git repo, the ssl-certs cheat sheet page that contains all the instructions @timestamp 13:41 of the video was missing. Did see a list of commands under tools, but could not find the instructions referenced in the video.
Thanks again for an excellent video
Thanks! I'm currently trying to find a better place for these instructions, as the cheat-sheet has a different purpose
Thanks for the great explanation!
Thanks that worked well except the last step, I had to manually import the ca cert in brave browser (Setting > Privacy and Security > Security > Manage certificates > Authorities > Import) and then it worked :-)
Nice! Yeah every browser handles it somehow differently
Thanks for your helpful videos!
You're welcome! :)
Thank you VERY much for making this video
You’re welcome ☺️
Danke für das Video, das hat unser Problem gelöst
Gerne! Freut mich dass es euch geholfen hat ;)
Very useful. Thank you very much
Thanks 😊
Thanks Alot Father Christimas 😁😁
I love you man, you saved me days
Very clear explanation video! I have subscribed. Just doesn't find the install guide for Macbook in the cheatsheet.
Thanks! Welcome to the club :D
Well done video. Perfect length and explained the basics well.
Brilliant! I am exhausted, must watch again, you're a fast talker LOL
Haha thanks :D
Just reduce video speed to .75
Great video! 👍
This is really helpful. Thank you.
you're welcome :)
Excellent and detailed guide to resolve an issue as complicated as SSL.
What would be different in the certificates if TLS 1.3 is used?
It's worth mentioning that you can roll out the ca certs via group policy on windows clients :) great video tho
Combined with a Samba ADC... ;) Use my Pi for that and haven't had problems so far
Oh yeah that's a great tip, thank you! :)
Also the use of ADCS (Active Directory Certificate Services) to create digital certs and ADDS (Active Directory Domain Services) to deploy to all Windows computers attached to the domain.
@@markarca6360 yeah, an internal ca would be the next step :)
ICH BIN SO GLÜCKLICH DAAAANKE🎉❤❤❤❤❤❤
Thank you very much. Life saver.
Glad it helped!
Your video is fantastic!! Compliment
Thanks for the helpful video as always! 👍👍
You're welcome :)
this channel is gold
Thanks :D
Awesome work.
Thank you! Cheers!
such a great work. thanks!
Glad you liked it!
Okay, I did it. Finally I got that regular padlock in the corner of my browser ^) BTW Ubuntu/Firefox want certificates with '.crt' extension. '.pem' don't work with update-ca-certificates command and aren't imported to firefox.
Thank you very much! I tried to do this and failed a couple of weeks ago. Gonna give it another try.
You're welcome! Hope it will work now :)
It works! Thanks! 😄
Thank you very much you SIR!!! you are my go-to youtube channel for my IT carreer!
Quick question: what terminal software you used in this video? the UI looks so clean. Thank you
Windows PowerShell
This excellent and great video … yes! finally what I needed 👍🏼
You're welcome!
Thank you very much! You saved my day!
You’re welcome ☺️
Thank you very much. You helped me a lot.
You're welcome :)