Certificate Authority Servers

Time
21 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
21
Video Transcription
00:00
>> Hey, Cybrarians, welcome back to
00:00
the Linux+ Course here at Cybrary.
00:00
I'm your instructor Rob Goelz.
00:00
In today's lesson, we're going to be
00:00
discussing certificate authority servers.
00:00
Upon completion of today's lesson,
00:00
you're going to need to be able to
00:00
understand the importance of
00:00
certificates and why we use those
00:00
for establishing trust.
00:00
We're going to talk about how a certificate
00:00
authority helps to establish
00:00
that trust and name the ports
00:00
that are used by a certificate authority.
00:00
A certificate authority role solves
00:00
a major issue with security, especially with websites.
00:00
How can you trust that a website that you reach
00:00
is the real site that you're trying to land on?
00:00
The answer is you use digital certificates because they
00:00
validate the identity of the server.
00:00
Digital certificates are either
00:00
issued or signed by a CA.
00:00
Therefore, the certificate authority
00:00
can verify the certificate.
00:00
We're going to talk a little bit about certificates and
00:00
encryption keys here just a little bit just to
00:00
establish context when we talk about CAs.
00:00
A certificate is an encrypted key,
00:00
and we largely focused on asymmetric encryption,
00:00
which uses two keys,
00:00
a public key which is known by everyone,
00:00
but can only be decrypted by the private key,
00:00
and the private key which is only known by
00:00
the owner but can be decrypted by a public key.
00:00
By comparison, a symmetric key is
00:00
a single key that's known to both parties.
00:00
What happens in general is
00:00
that asymmetric encryption is
00:00
used to establish a trusted connection,
00:00
and then once we have trust on both sides,
00:00
we can use that to exchange the symmetric
00:00
key so that we have a trusted,
00:00
secured connection to share that key.
00:00
The CA can issue a certificate to a web server owner or
00:00
the owner sends a certificate signing request
00:00
called a CSR to the CA.
00:00
This CA signs the certificate with its own private key.
00:00
Remember, signing with a private key,
00:00
and that means that can be decrypted with a public key.
00:00
Remember, everyone can access a public key.
00:00
Therefore, everyone can decrypt
00:00
the signature of the certificate,
00:00
which means that everyone can now
00:00
verify that that certificate
00:00
that's issued to the web server
00:00
is valid and that is how you can validate
00:00
the web server is the
00:00
correct web server you're trying to land on,
00:00
it's because it's backed up by the CA.
00:00
A CA can be used for certificates beyond
00:00
just the SSL and TLS web certificates and
00:00
different ports can be used on a certificate authority
00:00
based on the types of certificates
00:00
that it's going to issue.
00:00
We've covered SSL and TLS,
00:00
which are used for web servers,
00:00
and those generally communicate via port
00:00
443 when they're talking to the certificate authority.
00:00
But if you're talking about something like LDAP,
00:00
that might use port 389 or
00:00
636 to talk to the certificate authority.
00:00
In general, it's just important to
00:00
look at the ports that are required to
00:00
communicate with the CA for each application
00:00
that's using the certificate authority
00:00
because they may vary.
00:00
With that, we've reached the end of this lesson.
00:00
In this lesson we covered the important role
00:00
that certificate authorities play when we're
00:00
talking about establishing trust.
00:00
We also talked about how the certificate authority
00:00
establishes trust in its signing process,
00:00
and we talked about the ports
00:00
that are used by a certificate authority.
00:00
Thank you so much for being here and I
00:00
look forward to seeing you in the next lesson.