TRUST. It's what certificates are all about. How do we know that we can trust a server? We verify that the server has a certificate, and that the certificate is signed by someone we trust. That can be a wellknown third party like Let's Encrypt, or our own certificate authority. In this video, I'm going to cover the basics of setting up a root private key and signing certificates using OpenSSL, and running a certificate authority server. As a bonus, I'm using a Yubikey to store the certiicate authorities private keys, so they can't be compromised without stealing the physical dongle (they CAN however be used to generate leaf certificates if the certificate authority is compromised). So follow along for a fun journey into the basics of setting up your public key infrastructure!

Link to the blog post with all of the details and commands to follow:
https://www.apalrd.net/posts/2023/net...

Feel free to chat with me more on my Discord server:
  / discord  

If you'd like to support me, feel free to here: https://kofi.com/apalrd

If you want to build your own, here's the hardware I used:
Yubikey 5 NFC https://amzn.to/3JcqkmY
Dell Wyse 3040 Thin Client https://ebay.us/Ieivdl

Timestamps:
00:00 Intoduction
00:32 Certificates
05:16 Generate Keys
12:09 Setup Smallstep
21:26 Caddy Example
23:54 Demo

#tls #cryptography #publickey