1.1 KiB
1.1 KiB
title, description, published, date, tags, editor, dateCreated
| title | description | published | date | tags | editor | dateCreated |
|---|---|---|---|---|---|---|
| SSL/TLS | true | 2025-09-28T15:54:30.974Z | markdown | 2025-09-28T14:42:56.701Z |
SSL/TLS
CA
A provider which can sign certificates.
Certificate
The CA provides a certificate and signs it with a digital signature using the private key of the CA.
f(certificate, CA Private Key) = signature
An SSL/TLS certificate (X.509 cert) contains
- The server’s public key
- The domain name(s) it’s valid for
- Validity period (start/end dates)
- Extensions (like usage constraints)
- A digital signature made by the issuer (CA)
The client request a certificate from a server and checks that the resulting hashes match. The CA public key is knwon to the browser prior.
f(signature, CA public key) = result hash
hash(certificate) = result hash
The the client uses the Servers public key taken from the CA certificate and sends a messages which can only be correctly decoded if the server has the correct private key.
Client
f(message, Server public key) = crypt
Server
f(crypt, Server private Key) = message
After this the TLS handshake is complete.