Server certificates are intended for securing communication between a server and a client. They typically include the server's hostname or IP address in the Subject Alternative Name (SAN) extension, which allows clients to verify that they are communicating with the intended server. Server certificates may also include additional extensions like Extended Key Usage (EKU) and Authority Key Identifier (AKI) to provide additional security and verification. Client certificates, on the other hand, are intended for verifying the identity of a client to a server. They typically include the client's distinguished name (DN) in the Subject field and may also include a unique identifier in the SAN extension. Client certificates may also include EKU and AKI extensions to provide additional security and verification. When generating client and server certificates, the certificate authority (CA) may also use different certificate templates or configurations based on their intended usage. For example, a CA may issue server certificates with longer key lengths and shorter expiration periods than client certificates, to provide greater security for the server-side communications.
Good Presentation
Thank you, keep learning
great video.
Thank you, keep learning
you have also consul connect
Sorry, dont have on Consul
Usually server does not ask client cert how server knows I need to ask for client cert,
I have made video on TLS communications, pls watch th-cam.com/video/OHmgb7h-2-g/w-d-xo.html
thank you
Hello Sir, which type of question can be asked in the cks exam from this section, Thanks in advance.
There is video uploaded on this
th-cam.com/video/hxox9558ojE/w-d-xo.html
Does any difference in generating clients vs server certs
Server certificates are intended for securing communication between a server and a client. They typically include the server's hostname or IP address in the Subject Alternative Name (SAN) extension, which allows clients to verify that they are communicating with the intended server. Server certificates may also include additional extensions like Extended Key Usage (EKU) and Authority Key Identifier (AKI) to provide additional security and verification.
Client certificates, on the other hand, are intended for verifying the identity of a client to a server. They typically include the client's distinguished name (DN) in the Subject field and may also include a unique identifier in the SAN extension. Client certificates may also include EKU and AKI extensions to provide additional security and verification.
When generating client and server certificates, the certificate authority (CA) may also use different certificate templates or configurations based on their intended usage. For example, a CA may issue server certificates with longer key lengths and shorter expiration periods than client certificates, to provide greater security for the server-side communications.
@@learnwithgvr super sir, may I know client certs distinguished name(DN) , how it's verify this name and confirms this client is good
do we have to use linkerd for cks ?
LinkerD is one good example, you can also leverage custom solution or any other service mesh
Following...
Thanks