Let’s say server S sends it’s certificate to client C. What is the method used to validate that this certificate is authentic?
What are the steps carried out to ensure that this is indeed the certificate issue to server S by a CA ?
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Let’s say server S sends it’s certificate to client C. What is the method used to validate that this certificate is authentic?
What are the steps carried out to ensure that this is indeed the certificate issue to server S by a CA ?
The server sends a digital signature over the handshake data, signed by the private key coresponding to the public key in the certificate. The client verifies the signature with the public key. That establishes that the server owns the private key.
The client attempts to establish a trust relationship between the CAs that it trusts and the IssuerDN chain of the certificate. If successful, that establishes that the chain of CAs all believe in the next one’s identity all the way to the SubjectDN of the certificate.
So at this point we know that the server owns the private key implied by the certificate’s public key, and that the owner of the certificate is who it says he is. So now we know who he is.