Just want to say, i used some of your videos to pass my network plus and currently doing th same with security plus. I always find your explanations easier to understand than most other instructors. Thank you!
As ALWAYS...your videos help me BIGTIME! Whenever I am in need of a CLEAR explanation on a technology that some other 'Off the Charts GEEK in the Weeds' tries to teach, I check and see if Sunny has a class to clear it up for me! Thanks Again Man!!
Thank you, John, for saying nice things about my videos. You are welcome. I wish I would complete my whole series in this area (about 200 videos) soon.
Awesome! This is the exact info I was looking for to troubleshoot an issue related to OSCP. Sunny! you very well explained CRL, OSCP, and OSCP-Stapling operations in a quick video. Thank you very much!
Hi Sunny, great video once again! I think one thing I'd add for future viewers is that another thing browsers like Firefox and Chrome do are just push a software update if a certificate must be revoked as soon as possible
Thanks for your video, "OCSP stapling" is quite smart solution, but for how long does web server cache OCSP Response from CA? And for how long does the client (browser) consider that the response is still valid (I mean as for standards)? I think this is the point of "lag" between revocation and outdated signed OCSP Response from web server. So it is important to note.
It depends how deep do you want to go? If you are just for CompTIA security + , you can use Comptia security+ guide to network security fundamentals 6th edition or 5th edition (cheaper).
Hi Sunny, if the client from a ABC company domain accessing a website, how can it check the website certificates status from the ABC domains CA CRL list,,, does that mean that ABC domain CA will have constant updates, if so how,,,
When certificates are stolen from CA, why those certificates need to be revoked. I mean we are already certificates, but harm stolen certificates will make.
Browsers make sure that all certificates are valid. It is like someone stole your credit card, and you want to report to your credit card company to revoke it. Otherwise, the thief will use your credit card. The same thing.
@@sunnyclassroom24Here I have a question, Private key of stolen certificate is always with the owner for whom CA issued certificate. So other details are always public. What was stolen from CA for that particular certificate?
So if an organization has issued certificates in thousands , and device1 comes with request , does webserver has stapled request for all thousand devices at that time , if its cached only on calls ? so when a signed response is received all it needs to do is verify certificate validity end date etc, no need to go to check revoked status as its trusted with cryptography i.e the signed response . is this right
Just want to say, i used some of your videos to pass my network plus and currently doing th same with security plus. I always find your explanations easier to understand than most other instructors. Thank you!
As ALWAYS...your videos help me BIGTIME! Whenever I am in need of a CLEAR explanation on a technology that some other 'Off the Charts GEEK in the Weeds' tries to teach, I check and see if Sunny has a class to clear it up for me! Thanks Again Man!!
Thank you, John, for saying nice things about my videos. You are welcome. I wish I would complete my whole series in this area (about 200 videos) soon.
I could not understand about CRL/OCSP/OSCP Stapling, but now I finally did. Thank you! You have been a great help!
I knew I could count on you to explain this concept clearly and concisely. I get it now! Thank you Sunny!
The best content on this topic is your channel !!
This is by far the best explanation ever! Thank you so much!!
Step 4, that all this happens "during the SSL/TLS handshake" was the puzzle piece I was missing. Thank you. And the music at end made me laugh. :)
Thank you for watching!
Exactly
Simple and clear, that's all I need. Thank you Sunny!
Truly awesome. Helps a lot because of your visualizations in addition to your explanation.
Thank you for your time!
Simple and easy language/demo used in video. All thanks to you.
Thank you for your clear explanations for our understanding.
It's very nice explanation. Thanks Sunny
As always your videos are clear and provide accurate information. Thank you, Sunny.
Awesome! This is the exact info I was looking for to troubleshoot an issue related to OSCP. Sunny! you very well explained CRL, OSCP, and OSCP-Stapling operations in a quick video. Thank you very much!
Thank you so much this was very clear and helpful.
Thanks a lot Sunny! this is very clear and useful.
Great explanation!
Great Videos. Very crisp explanation.
Glad you liked it!
Clear explanation, thanks man!
thanks this is much clean then reading the text explaination
Thank you for watching!
Excellent videos, very concise and easy to understand. Thank you
you are welcome!
As usual soooooooo amazing!!!!!!!!!!!!!!!!!!!!!
Hi Sunny, great video once again! I think one thing I'd add for future viewers is that another thing browsers like Firefox and Chrome do are just push a software update if a certificate must be revoked as soon as possible
thanks a lot for your information. I appreciate it very much.
thank you, thats a very clear explanation.
Bravo!!
❤❤
Greatly done Sunny...!!!
🥇🎖🏅
Very useful information, thank you so much.
You are welcome, Aziz.
great work. Thank you
Thanks
You are awesome 🙏
Thanks!
crazy how complicated other people make this when you just explained it in 6 mins.
You're Gifted By God.
Well done, thank you!
you are really good at explaining things. Thank you very much
very good teacher.Thanks
Great explanation
Nicely Explained....
thank you sir
You are most welcome!
Very helpful information - keep up the good videos and the good work
thanks a lot!
Great video. Thanks for the explanation.
thanks very much
You are so welcome!
Thank you sir
All the best
Beautiful 👌
great explanation, thanks
great video, would be great if you could update this and make a video about certificate transparency (CT Logs)! :)
Thank you verymuch
All clear, thanks Mr. Subscribing now.
Thanks for the sub!
Hi Sunny, will you talk about SCVP in the future videos?
well what if a domain spoofer simply forges a certificate?
Thanks for your video, "OCSP stapling" is quite smart solution, but for how long does web server cache OCSP Response from CA? And for how long does the client (browser) consider that the response is still valid (I mean as for standards)?
I think this is the point of "lag" between revocation and outdated signed OCSP Response from web server. So it is important to note.
Sunny, one more question: Which book(s) would you recommend for a deep dive in this topic? (I mean cryptography not just revocation.)
It depends how deep do you want to go? If you are just for CompTIA security + , you can use Comptia security+ guide to network security fundamentals 6th edition or 5th edition (cheaper).
Thank you. I will check this.
Does it mean OCSP URLs no need to be added to firewall between client and server?
hi sunny...can you explain how policy maping works in CA and sub-CA in another video?
I put it on my to do list. Many thanks!
Hi Sunny, if the client from a ABC company domain accessing a website, how can it check the website certificates status from the ABC domains CA CRL list,,, does that mean that ABC domain CA will have constant updates, if so how,,,
When certificates are stolen from CA, why those certificates need to be revoked. I mean we are already certificates, but harm stolen certificates will make.
Browsers make sure that all certificates are valid. It is like someone stole your credit card, and you want to report to your credit card company to revoke it. Otherwise, the thief will use your credit card. The same thing.
@@sunnyclassroom24Here I have a question, Private key of stolen certificate is always with the owner for whom CA issued certificate. So other details are always public. What was stolen from CA for that particular certificate?
So if an organization has issued certificates in thousands , and device1 comes with request , does webserver has stapled request for all thousand devices at that time , if its cached only on calls ? so when a signed response is received all it needs to do is verify certificate validity end date etc, no need to go to check revoked status as its trusted with cryptography i.e the signed response . is this right
Yea but browser and other clients no longer check the crl or ocsp servers so revocation is useless .
Great explanation but I still have no idea what you are talking about.
Lopez Barbara Young Jessica White David
Very Good Explanation