Server Certificates - Self Signed and LetsEncrypt Certificates for the LAN

Поділитися
Вставка
  • Опубліковано 26 лис 2024

КОМЕНТАРІ • 60

  • @BrianThomas
    @BrianThomas Рік тому +34

    This should have a ton more likes than it does. Not many on UA-cam have ever explained it like this before. Great job!

    • @OneMarcFifty
      @OneMarcFifty  Рік тому +1

      Hi Brian, that’s very kind - thank you very much

  • @graceoverall
    @graceoverall 4 місяці тому +4

    12:25 Brilliant!!! I didn't know about transparency laws requiring the disclosure of private certs. For me, that's a deal breaker for my (future) homelab.

  • @alfonsofujita2592
    @alfonsofujita2592 8 місяців тому

    Waoo. The first video that explains me how let’sencrypt ask DNS for verification.
    This video is for newest like me.
    Thanks

  • @AlexCernat
    @AlexCernat Рік тому +4

    congratulations for sharing info about certificate transparency program; many people are not aware about it, and some will have a big unpleasant surprise one day (hostnames disclosure, funny "test" dns names etc.)

    • @OneMarcFifty
      @OneMarcFifty  Рік тому

      Hi Alex, thank you very much - one could probably talk for hours about the impacts and side effects of certificates, TLS, trusts, chains and so on ;-) But when I read about the Cert Transparency, I thought - hmmm ... If you get a cert for host1, host2... then you probably have a host 3 ;-)

  • @rsmonteiro82
    @rsmonteiro82 8 місяців тому

    Thanks Marc! The way you explain the thing is excellent!

  • @glitchy_weasel
    @glitchy_weasel Рік тому +4

    Let's Encrypt is a fantastic project! It definitely makes the internet more accessible and secure for hobbyists webmasters. Very good explanation by the way!

  • @Benemortasia666
    @Benemortasia666 Рік тому

    That application/database program I am using ever since, its awesome. Thank you.

  • @pallzoltan
    @pallzoltan 10 місяців тому

    I love how well you explained everything. Thank you.

  • @yitspaerl7255
    @yitspaerl7255 Рік тому +1

    Very interesting. Especially using a free wildcard cert locally. Thanks a lot!

  • @pberto
    @pberto Рік тому +2

    I can only confirm my comment on part 1. Good job, Marc.

  • @rklauco
    @rklauco Рік тому +2

    I did not realize you can use the wildcard certs like this in LAN. Good idea...

    • @OneMarcFifty
      @OneMarcFifty  Рік тому +1

      Hi Robert, yeah - I discovered that when I tried to segregate my VLANs using a reverse proxy ;-)

  • @AdityaTyagi-e6n
    @AdityaTyagi-e6n Рік тому +1

    Very nicely explained. Thanks a lot for your efforts.

  • @_r00f
    @_r00f Рік тому +2

    Thanx Marc! I personally found the best option to automate let's encrypt wildcard cers is to maintain your own dns servers. It allow you to make any number of subdomains with DNSSEC and all the stuff.

    • @OneMarcFifty
      @OneMarcFifty  Рік тому

      Hi Sergey, that's definitely a good option.It does have side-effects though (such as opening access to port 53 and the like)

    • @_r00f
      @_r00f Рік тому +1

      @@OneMarcFifty I have 1 master and 2 slave dns. Master local, slaves on external servers. In the domain zone NS servers - only slaves. The master dns has port 53 open only for the ip addresses of the slave dns servers.

    • @OneMarcFifty
      @OneMarcFifty  Рік тому

      Oh that makes total sense - perfect, thanks for sharing!

    • @killer2600
      @killer2600 8 місяців тому

      @@_r00f I'd like to introduce you to cloudflare.

  • @affinitystablepeanuts
    @affinitystablepeanuts Рік тому

    Very nice and very clear explanation around letsencrypt. Thank you. Deserves a lot more likes.

  • @BobLoblaw_
    @BobLoblaw_ 3 місяці тому

    Great explanation and great video (series)! Thanks!

  • @justpassing6776
    @justpassing6776 4 місяці тому

    well served solutions for everyone. Great job!

  • @daniellukesmith
    @daniellukesmith 7 місяців тому

    His explanations are the best

  • @Avopeas
    @Avopeas 11 місяців тому

    Thank you very much for your great explanation.

  • @avgjoe3869
    @avgjoe3869 2 місяці тому

    Underrated content!

  • @samuraijaydee
    @samuraijaydee Рік тому +1

    Thank you for this Marc. This is a big help for me :)

  • @alexs5588
    @alexs5588 Рік тому +3

    Great video Marc, always extremely informative thank you!!! Would you ever consider revisiting the BATMAN protocol in depth? Such as with DSA architecture or APs with no built in switch?

    • @OneMarcFifty
      @OneMarcFifty  Рік тому +2

      Hi Alex, many thanks. I am currently working on an episode on how to build a router with the Raspberry Pi - with regards to the question how to do VLANs without a switch. But your question inspires me to maybe do a separate episode altogether, as there are mutiple ways of doing VLANs on devices with or without switches. I might talk about BATMAN in those as well. Thanks again.

  • @fef-e4k
    @fef-e4k 4 місяці тому

    great video quality, great content, great tool and of course great explanation. I have downloaded the XCA software on my windows 10. I have a lil challenge: I am working with vs code and have accessed my server via it. I have also created my CA with XCA. the challenge i have now is copying my CA to the server just like you did. Any guide?

  • @qamaranwar-ye8tp
    @qamaranwar-ye8tp Рік тому

    GREAT Video, GREAT to say the least

  • @daxelai
    @daxelai 4 місяці тому

    Excellent explanation.
    Actually I am using tomcat server on my LAN to deployed my application. In this video we downloaded two certificate and key can I use only key and ca certificate or key with certificate to configure https in tomcat.

  • @mohammeddawwas3822
    @mohammeddawwas3822 Рік тому

    do you have a video explains in details about wildcard certificate ?

  • @ATech-dg9lj
    @ATech-dg9lj 6 місяців тому

    I agree with@BrianThomas - never seen anything like this before - well done sir.
    I wonder if you would be able to cover the X.509 certification in terms of STM32 Mbed RTOS terms of usage. I.e., would the xca tool be able to support the lwIP embedded server httpd deamon on STM32 processors. Also how can the x.509 certification be implemented on production runs of hundreds or thousands of boxes. Would every box require a seperate certificate etc. in case the vendor does not use a different private key for each product sold would the public key holders be able to hack other customers products. This is a very unclear area of discussion regarding this type of certification. Please give us your thoughts on this topic sir. Thanks

  • @jogikuenstner7758
    @jogikuenstner7758 9 місяців тому

    Interesting, great content!
    I happen to use the same webspace-provide like you, but I have enabled 2FA with an authenticator-app.
    Do you see any chance then still to do automation?

  • @der_imperator6907
    @der_imperator6907 Рік тому +1

    I'm really interested in your automation certbot script. How did you read the string for the txt record given by certbot?

    • @OneMarcFifty
      @OneMarcFifty  Рік тому +2

      If you check github.com/onemarcfifty/cheat-sheets/blob/main/Certificates/ansible-playbooks/auth_hook.py then you can see that the value comes from the environment variables CERTBOT_VALIDATION and CERTBOT_DOMAIN which are set by the certbot command.

  • @BrunoCouleau
    @BrunoCouleau Рік тому +4

    Very nice and idiot proof explanation. Thank you.

    • @OneMarcFifty
      @OneMarcFifty  Рік тому +1

      Hi Bruno, thank you very much for your feedback!

  • @boubou40
    @boubou40 Рік тому +1

    Thank you for the video ! does the wildcard option allow me to use short names without a warning ? I'm using step-ca for my homelab to automatically provides certificates for my servers

    • @OneMarcFifty
      @OneMarcFifty  Рік тому

      Hi Vincent. No - you will still need FQDN with these.

  • @robertschultheis1769
    @robertschultheis1769 6 місяців тому

    Extremely helpful video series, thank you!

  • @alexander5052
    @alexander5052 Рік тому

    Great video!

  • @zaxeer
    @zaxeer 8 місяців тому

    So no way to get lets encrypt certificate for internal domain other than creating own CA?

  • @fabioamado6725
    @fabioamado6725 Рік тому

    Thank you very much for this video. Is it possible to run this XCA program in Docker Container? What would be the best option, in terms of security?

    • @peterhaskew
      @peterhaskew 3 місяці тому

      I have installed the XCA application locally, but host its database in a Docker container running MySQL instead of a local file. Does that help (a year later!)?

    • @fabioamado6725
      @fabioamado6725 3 місяці тому

      @@peterhaskew Thank you for your answer. It always helps, at least for others. In the meantime, I went the route of using a reverse proxy (NGINX) signig the certificates via wild card certificate by Let's Encrypt. Is my option more or less secure than the one explained here? Thank you anyway :)

  • @marvinma6887
    @marvinma6887 Рік тому +1

    very nice,thank you

  • @itsm3dud39
    @itsm3dud39 Рік тому

    can i share my x 509 .pem certificate to my teammate? what happens if .pem certificate is publicly exposed??

  • @oswaldomoraleshernandez4306

    Thanks! 👍

  • @jedd1
    @jedd1 Рік тому +2

    Thanks!

    • @OneMarcFifty
      @OneMarcFifty  Рік тому

      You're welcome - thanks for he feedback!

  • @seanmagee7339
    @seanmagee7339 10 місяців тому

    Thank you. You explained that very well.