Revocation of digital certificates: CRL, OCSP, OCSP stapling
Digital certificate are normally expired after one year, but some situations might cause a certificate to be revoked before expiration. How does a client check the revocation status? Here I introduce three methods: CRL, OCSP, & OCSP stapling. What are they? How do they work? You would find answers in this video.
Playlist: Advanced Cryptography -
• What is digital signat...
Playlist: Basic Cryptography
• Private Key Encryption...
Please subscribe to my channel!
Please leave comments or questions!
Many thanks,
Sunny Classroom
Пікірлер: 81
I could not understand about CRL/OCSP/OSCP Stapling, but now I finally did. Thank you! You have been a great help!
Just want to say, i used some of your videos to pass my network plus and currently doing th same with security plus. I always find your explanations easier to understand than most other instructors. Thank you!
As ALWAYS...your videos help me BIGTIME! Whenever I am in need of a CLEAR explanation on a technology that some other 'Off the Charts GEEK in the Weeds' tries to teach, I check and see if Sunny has a class to clear it up for me! Thanks Again Man!!
@sunnyclassroom24
5 жыл бұрын
Thank you, John, for saying nice things about my videos. You are welcome. I wish I would complete my whole series in this area (about 200 videos) soon.
Simple and clear, that's all I need. Thank you Sunny!
I knew I could count on you to explain this concept clearly and concisely. I get it now! Thank you Sunny!
This is by far the best explanation ever! Thank you so much!!
As always your videos are clear and provide accurate information. Thank you, Sunny.
The best content on this topic is your channel !!
Awesome! This is the exact info I was looking for to troubleshoot an issue related to OSCP. Sunny! you very well explained CRL, OSCP, and OSCP-Stapling operations in a quick video. Thank you very much!
Step 4, that all this happens "during the SSL/TLS handshake" was the puzzle piece I was missing. Thank you. And the music at end made me laugh. :)
@sunnyclassroom24
4 жыл бұрын
Thank you for watching!
@mimi7132
3 жыл бұрын
Exactly
Truly awesome. Helps a lot because of your visualizations in addition to your explanation.
@sunnyclassroom24
4 жыл бұрын
Thank you for your time!
Thanks a lot Sunny! this is very clear and useful.
Greatly done Sunny...!!! 🥇🎖🏅
Simple and easy language/demo used in video. All thanks to you.
you are really good at explaining things. Thank you very much
It's very nice explanation. Thanks Sunny
Excellent videos, very concise and easy to understand. Thank you
@sunnyclassroom24
5 жыл бұрын
you are welcome!
Hi Sunny, great video once again! I think one thing I'd add for future viewers is that another thing browsers like Firefox and Chrome do are just push a software update if a certificate must be revoked as soon as possible
@sunnyclassroom24
5 жыл бұрын
thanks a lot for your information. I appreciate it very much.
Thank you for your clear explanations for our understanding.
Thank you so much this was very clear and helpful.
Great explanation!
Very useful information, thank you so much.
@sunnyclassroom24
5 жыл бұрын
You are welcome, Aziz.
As usual soooooooo amazing!!!!!!!!!!!!!!!!!!!!!
Clear explanation, thanks man!
Very helpful information - keep up the good videos and the good work
@sunnyclassroom24
5 жыл бұрын
thanks a lot!
thank you, thats a very clear explanation.
Great video. Thanks for the explanation.
another great video tutorial. thank you so much
@sunnyclassroom24
4 жыл бұрын
Thank you!
Great Videos. Very crisp explanation.
@sunnyclassroom24
4 жыл бұрын
Glad you liked it!
Very Good Explanation
Well done, thank you!
Great explanation
great explanation, thanks
great work. Thank you
@sunnyclassroom24
4 жыл бұрын
Thanks
very good teacher.Thanks
thanks this is much clean then reading the text explaination
@sunnyclassroom24
4 жыл бұрын
Thank you for watching!
Bravo!! ❤❤
Nicely Explained.... thank you sir
@sunnyclassroom24
3 жыл бұрын
You are most welcome!
Beautiful 👌
crazy how complicated other people make this when you just explained it in 6 mins.
You are awesome 🙏
@sunnyclassroom24
4 жыл бұрын
Thanks!
great video, would be great if you could update this and make a video about certificate transparency (CT Logs)! :)
Thank you verymuch
You're Gifted By God.
All clear, thanks Mr. Subscribing now.
@sunnyclassroom24
3 жыл бұрын
Thanks for the sub!
thanks very much
@sunnyclassroom24
3 жыл бұрын
You are so welcome!
Thank you sir
@sunnyclassroom24
3 жыл бұрын
All the best
Hi Sunny, will you talk about SCVP in the future videos?
well what if a domain spoofer simply forges a certificate?
Thanks for your video, "OCSP stapling" is quite smart solution, but for how long does web server cache OCSP Response from CA? And for how long does the client (browser) consider that the response is still valid (I mean as for standards)? I think this is the point of "lag" between revocation and outdated signed OCSP Response from web server. So it is important to note.
Sunny, one more question: Which book(s) would you recommend for a deep dive in this topic? (I mean cryptography not just revocation.)
@sunnyclassroom24
6 жыл бұрын
It depends how deep do you want to go? If you are just for CompTIA security + , you can use Comptia security+ guide to network security fundamentals 6th edition or 5th edition (cheaper).
@arber10
6 жыл бұрын
Thank you. I will check this.
So if an organization has issued certificates in thousands , and device1 comes with request , does webserver has stapled request for all thousand devices at that time , if its cached only on calls ? so when a signed response is received all it needs to do is verify certificate validity end date etc, no need to go to check revoked status as its trusted with cryptography i.e the signed response . is this right
hi sunny...can you explain how policy maping works in CA and sub-CA in another video?
@sunnyclassroom24
6 жыл бұрын
I put it on my to do list. Many thanks!
Does it mean OCSP URLs no need to be added to firewall between client and server?
Hi Sunny, if the client from a ABC company domain accessing a website, how can it check the website certificates status from the ABC domains CA CRL list,,, does that mean that ABC domain CA will have constant updates, if so how,,,
When certificates are stolen from CA, why those certificates need to be revoked. I mean we are already certificates, but harm stolen certificates will make.
@sunnyclassroom24
5 жыл бұрын
Browsers make sure that all certificates are valid. It is like someone stole your credit card, and you want to report to your credit card company to revoke it. Otherwise, the thief will use your credit card. The same thing.
@RajivKumar-ee7xv
3 жыл бұрын
@@sunnyclassroom24Here I have a question, Private key of stolen certificate is always with the owner for whom CA issued certificate. So other details are always public. What was stolen from CA for that particular certificate?
Yea but browser and other clients no longer check the crl or ocsp servers so revocation is useless .
Great explanation but I still have no idea what you are talking about.