Server authentication using certificate (process)
What I understand so far:
To authenticate a server the client uses the CA (its certificate) like this:
4.1. The client receives the server certificate
4.2. The client verifies that this certificate is authenticated by the certificate of the CA that it has (using the public key of the CA), it also verifies that the serial number of this certificate is not in the CRL (certificate revocation list)
4.3. The client generates a symmetric key and encrypts it using the public key giving by the server and sends it to the server
4.4. All communication starting from now is then encrypted using this symmetric key
Here is where I am still a bit confused:
The client uses the CA public key to verify the server certificate in step 4.2 but how does a match occur since the client only has the certificate of the CA? I mean unless the server csr passed to the CA has the same information verified by the client as the crt of the CA that the client has, how can a match occur?
Since anyone can have the server certificate I am assuming the only step that insures that only the server can communicate with the client is step 4.3 where only the server can have the symmetric key because only the server has the private key so only it can decrypt this encrypted symmetric key. Is this correct?
I am also not sure of all the steps or if I missed any steps.
我找到了一个答案(ssl证书如何验证?),它回答了我的问题的第一部分,然后幸运的是有人在评论中发布了一个链接来回答其他问题:http://www.moserware.com/2009/06/first -few-毫秒-OF-https.html
链接地址: http://www.djcxy.com/p/21786.html上一篇: 如何在我的设备上安装可信的CA证书?
下一篇: 使用证书的服务器认证(进程)