Відео

Thank you but it would make more sense if you showed 2 different apps client and server and adjust the application.yml accordingly.

sachin, this was an absolutely brilliant demo. by far one of the best - both in terms of completeness and complexity but while being very clearly and simply explained. AWS would be lucky to have you doing some of their tutorial videos. big thanks from a guy in the tech department of one of the movie studios here in LA. 🙏

Hi Sachin, I am trying to implement mTLS in tomcat. But it's not validating the leaf certificate. Just presence of root and intermediary seems enough. Can you please help how to ensure leaf level certificate validation

The explanation and article are beneficial, one feedback is to clearly specify to pass the "public key of " client/server/CA else it may be confusing for people. I first learnt about Asymmetric encryption then came here and it helped.

awesome explanation with an example

🎉❤❤ very good just make in hindi

Thanks, so logically, we can't have public subnet in vpc 2 and 3 if we would like to have all traffic come through transit gateway.

How can I do this in Kraft mode

Dear Why I connect by command, curl -sSX GET <minikube ip>:<nginx-service port>/ip, but received: failed, after 21013 ms: Couldn't connect to server. Regard

Hi, Which tool you are using to executr this MTLS?

Hi Sachin, do you have an email, i would like to contact you

brother help is required ..please response if possible

One of best explanation I found so far :) , Loved it. Keep up good work

Root cert was Lil confusing.else it gave me a fair idea

Well explained 👏👏🙌

@06:50 can you explain what is the -cacert you are passing in curl command, is that the client ca cert? if so why we are sending client ca cert to server?

yes this is helpful @sachine

Short and to the point, excellent !!

hmm, your VPC is not private at all, you have a public IPv4 isn't it

One small correction, our browser or any networking tools like curl, wont validate to CA directly , every browser and networking tool while installing will have a default public key of many CA's eg: symantec, digicert public key stored in some location on our host, using that it will decrypt the server certificate sign if public key in certificate and decrypted sign matches then it is legitimate. To view CA public key in linux go to /etc/ssl/certs

Very nice.

Hello Sachin, I appreciate the thorough explanation. I have a question: If AWS VPC1 and AWS VPC2 are in separate accounts, how can we add both VPCs to the hosted zone to utilize a common VPC Interface endpoint created in VPC1?

Why you skip the curl command part?

thanks for the help

Is this ads on video or video on ads

@sachinshukla6047 github link ?

very nice video. thank you @sachin

Very nice explanation. Great job

Lol man u haven't implemented any intermediate events, u still need an input to stream to release hold last event...

Hi Sachin. Thank you for this interesting video. Could you explain me why we need to uncheck the private dns integration during the VPC endpoint creation? Can we have a PHZ automatically integrate with the shared VPC and associate it to spoke VPC? Or manually create PHZ zone for the endpoint service, register the VPC end point dns as alias record and associate it with the spoke VPC while keeping the integrated private dns on the shared service VPC? Thanks

Hello sachin - how do contact you.. I have some professional need

Thank you, @Sachin, for such great content. It is really helping me a lot! Now, for any ADHD viewer here, like me, just go get your coffee, take your time and come back to focus: i can assure you that it's not your whatsapp notification poping. Just (try to) ignore it and enjoy the lesson.

i mean is it same when i integrate several certificatesfiel which are included in cert chain into one cert file as ca.crt,then i used the client.crt which is not changed and integrated atalld to auth?i just failed in traefik environment.

but when i set up mtls in traefik,the cert returns the server.crt,but my leader told me cert chain containing several cert files including server.crt and ca.crt is normal but not single cert as server.crt

The way you did it, aren't you exposing your ALB to the world? In your diagram, you are considering the ALB as private (which would be accessed only by Cloudfront). Did I miss something? Thanks for the tutorial, anyway.

Very bad audio 🔉🔉

Good One. Explained well.

dude.. loved it. great stuff

Hi sachin, it looks like a CP central

One trap I fell in for modern browsers, they don't really care about CN field anymore, rather they need it to be listed in the SAN (Subject Alternative Name) field

have you by any chance done a build of this where the go is deployed inside a docker container.... ie to be deployed on a K8s cluster....

Thanks for the video mate, very useful!

One thing I am still confused about. If we use our client public certificate to send to the server and the server simply checks the trust store to make sure it's a trusted client - how does the server know that some other unauthorised/malicious client isn't using our public certificate and pretend to be us? it is a public cert after all Or are we saying this certificate is not truly public and should be treated like a private key? _______________ OR - do we say that no symmetrical key is generated, and instead both parties use the received public key to encrypt data (ensuring that the recipient can only read if they hold the private key)?) My idea would be server would encrypt some data using the public key, send to client and client must send back correct result to verify client holds the private key, THEN and only THEN can a symmetric key be used - but this is not explained anywhere. Please help (::

tks from Brazil!

Hello Sachin - It is a great article! Thanks for explaining the concepts in detail. By the way, is the process of setting up the SSL same if I want to host kafka in openshift container? Thanks!

Hi Sachin, Can you also share your sql scripts? How did you setup the Debezium for Postgres?

Hi could you give us link github repo?

Can you explain how to generate a cliente certificate? I’m not sure what to place on the CN field since it’s a server. I would like to talk more in detail to you.

I just realized many other tutorials have missed/skipped step 6 in the pictures. The step to validate the cert with the CA. Thanks for clearing that up. 🎉

My application is running in AWS ECS, the path to connect to my app externally is as follows: AWS route53 => Load Balancer => AWS ECS (my app runs here) Do you know if I could still perform mTLS in my app running in ECS? I think that the only way would be to introduce an AWS API Gateway. What do you think? By the way, I love this video, it is the best for this topic.