---
title: SSL/TLS
description: 
published: true
date: 2025-09-28T15:54:30.974Z
tags: 
editor: markdown
dateCreated: 2025-09-28T14:42:56.701Z
---

# SSL/TLS

## CA 
A provider which can sign certificates. 


## Certificate 

The CA provides a certificate and signs it with a digital signature using the private key of the CA. 

```
f(certificate, CA Private Key) = signature
```

An SSL/TLS certificate (X.509 cert) contains 

* The server’s public key
* The domain name(s) it’s valid for
* Validity period (start/end dates)
* Extensions (like usage constraints)
* A digital signature made by the issuer (CA)

The client request a certificate from a server and checks that the resulting hashes match. The CA public key is knwon to the browser prior. 

```
f(signature, CA public key) = result hash
```

```
hash(certificate) = result hash
```

The the client uses the Servers public key taken from the CA certificate and sends a messages which can only be correctly decoded if the server has the correct private key.

Client
```
f(message, Server public key) = crypt
```

Server
```
f(crypt, Server private Key) = message
```

After this the TLS handshake is complete.