TRUST. It's what certificates are all about. How do we know that we can trust a server? We verify that the server presents a certificate, and that the certificate is signed by someone we trust. That can be a well-known third party like Let's Encrypt, or our own certificate authority. In this video, I'm going to cover the basics of generating a root private key and signing certificates using OpenSSL, and running a certificate authority server. As a bonus, I'm using a Yubikey to store the certificate authority's private keys, so they can't be extracted without stealing the physical dongle (an attacker who compromises the certificate authority server CAN, however, still use the plugged-in Yubikey to sign leaf certificates, so the key is protected against theft, not against misuse). So follow along for a fun journey into the basics of setting up your public key infrastructure!
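To make the "root key, then sign leaf certificates" part concrete, here is an added example that is not the video's or the linked blog post's commands: a throwaway two-tier PKI built with plain OpenSSL. The root key lives in a file here rather than on a Yubikey so it runs anywhere; the curve, lifetimes, file names and the hostname internal.example are assumptions. The last function shows why the CA's own extensions matter: a stolen leaf key can sign a certificate, but the result will not verify because the leaf was issued with CA:FALSE.

```shell
#!/usr/bin/env bash
# Added example (not from the video or apalrd.net): a minimal root CA plus one
# leaf certificate with OpenSSL. All names and lifetimes are assumptions.
set -eu

# Write an OpenSSL config into $1 for hostname $2. The extensions live on the
# CA side, so a requester's CSR can never smuggle in CA:TRUE or an extra SAN.
write_config() {
  local dir="$1" host="$2"
  cat > "$dir/pki.cnf" <<EOF
[ req ]
distinguished_name = req_dn
prompt = no

[ req_dn ]

[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash

[ v3_leaf ]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
EOF
}

# Root CA: private key plus a self-signed certificate marked CA:TRUE.
# In the video this key would sit on the Yubikey; here it is a plain file.
make_root() {
  local dir="$1"
  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$dir/root.key"
  openssl req -x509 -new -key "$dir/root.key" -sha256 -days 3650 \
    -subj "/CN=Example Root CA" -config "$dir/pki.cnf" -extensions v3_ca \
    -out "$dir/root.crt"
}

# Leaf: key and CSR are made on the server side, the signature on the CA side.
# The CSR carries the public key and a proof of possession, never the private key.
make_leaf() {
  local dir="$1" host="$2"
  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$dir/leaf.key"
  openssl req -new -key "$dir/leaf.key" -subj "/CN=$host" \
    -config "$dir/pki.cnf" -out "$dir/leaf.csr"
  openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/root.crt" -CAkey "$dir/root.key" \
    -CAcreateserial -days 90 -sha256 -extfile "$dir/pki.cnf" -extensions v3_leaf \
    -out "$dir/leaf.crt" 2>/dev/null
}

# Build the whole PKI in directory $1 for hostname $2.
build_pki() {
  local dir="$1" host="$2"
  write_config "$dir" "$host"
  make_root "$dir"
  make_leaf "$dir" "$host"
}

# Returns 0 if leaf.crt chains to root.crt and is valid as a TLS server for $2.
verify_leaf() {
  local dir="$1" host="$2"
  openssl verify -CAfile "$dir/root.crt" -purpose sslserver \
    -verify_hostname "$host" "$dir/leaf.crt" >/dev/null 2>&1
}

# A stolen leaf key can produce a signature, but the chain is rejected because
# the leaf was issued with CA:FALSE. Returns 0 when the rogue chain fails.
rogue_chain_rejected() {
  local dir="$1"
  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$dir/rogue.key"
  openssl req -new -key "$dir/rogue.key" -subj "/CN=rogue.example" \
    -config "$dir/pki.cnf" -out "$dir/rogue.csr"
  openssl x509 -req -in "$dir/rogue.csr" -CA "$dir/leaf.crt" -CAkey "$dir/leaf.key" \
    -CAcreateserial -days 90 -sha256 -out "$dir/rogue.crt" 2>/dev/null
  ! openssl verify -CAfile "$dir/root.crt" -untrusted "$dir/leaf.crt" \
      "$dir/rogue.crt" >/dev/null 2>&1
}
```

Usage: `d=$(mktemp -d); build_pki "$d" internal.example; verify_leaf "$d" internal.example && echo chain ok`. The hostname check is the part browsers and Caddy clients actually care about, so the verify step passes `-verify_hostname` rather than only checking the signature.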
Link to the blog post with all of the details and commands to follow:
https://www.apalrd.net/posts/2023/network_acme/
Feel free to chat with me more on my Discord server:
https://discord.gg/xJsaEukAr4
If you want to build your own, here's the hardware I used:
- Yubikey 5 NFC
https://amzn.to/3JcqkmY
- Dell Wyse 3040 Thin Client
https://ebay.us/Ieivdl
Timestamps:
00:00 - Introduction
00:32 - Certificates
05:16 - Generate Keys
12:09 - Setup Smallstep
21:26 - Caddy Example
23:54 - Demo
#tls #cryptography #publickey