In general, my understanding.
Server that run SSL will need to get a sign certificate from a CA, this contain a private key
for this particular SSL server, which is use to encrypt the message send over to the client.
Client that need to communicate with SSL server will need to have public key
that can be use to decrypt the certifcate send out by the SSL Server during the handshake.
The certificate send out by the SSL Server basicly introduce it self as who it claim to be
that has been certify by the CA. Due to that client can decrypt the SSL certificate( the encrpted message sendover by the SSL Server) with the CA public key that mean client is talking to the right entity.
No comments:
Post a Comment