How does HTTPS work with respect to accepting a certificate?
Very simply put, with a little story:
Client : (Connects to the server and sticks out its hand) "Hello! Here are my encryption details."
Server : (Takes hand of the client) "Hello. Here are my encryption details. Here is my certificate." (Handshake negotiation complete. Client checks the certificate)
Client : Great, here's my key! So from now on everything is encrypted using this key. OK?
Server : OK! (SSL Handshake complete)
Client : Great, here comes my data over HTTP!!
Certificates are used in the SSL handshake. The certificate that the server hands to the client is signed by a Certificate Authority (CA) like VeriSign and is specific to the server. Various checks happen in the SSL handshake. One of the important ones to know about is that the Common Name attribute of the certificate must match the host / DNS name of the server.
The client has a copy of the CA's public certificate (key) and can thus use it (calculate with SHA1 for example) to see if the server's certificate is still ok.
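The name check described above can be made concrete. The following is an added example, not part of the original answer: it applies the rule to a certificate in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`. It goes beyond the answer in one respect: it looks at `subjectAltName` DNS entries first and falls back to the Common Name only when there are none, which is how current clients behave. The helper names and sample certificates are constructed for illustration.

```python
# Added example: the hostname check on a certificate, using the dict shape
# returned by ssl.SSLSocket.getpeercert(). Helper names are hypothetical.

def _label_match(pattern: str, hostname: str) -> bool:
    """Compare one certificate name with the hostname, case-insensitively.
    A wildcard is accepted only as the whole left-most label
    ("*.example.com") and stands for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse overly broad patterns such as "*.com".
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    # Partial wildcards ("w*.example.com") are rejected outright.
    return "*" not in pattern and p == h


def cert_names(cert: dict) -> list:
    """DNS names the certificate is valid for: subjectAltName entries if
    present, otherwise the Common Name from the subject."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]


def hostname_matches(cert: dict, hostname: str) -> bool:
    """True if any name in the certificate covers the requested hostname."""
    return any(_label_match(name, hostname) for name in cert_names(cert))


# Constructed sample certificates (not taken from a real server).
CN_ONLY = {"subject": ((("commonName", "www.example.com"),),)}
WITH_SAN = {
    "subject": ((("commonName", "legacy.example.org"),),),
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
}

if __name__ == "__main__":
    for cert, host in [(CN_ONLY, "www.example.com"),
                       (CN_ONLY, "www.example.net"),
                       (WITH_SAN, "api.example.com"),
                       (WITH_SAN, "a.b.example.com")]:
        verdict = "accept" if hostname_matches(cert, host) else "reject"
        print(host, "->", verdict)
```

In real client code, `ssl.create_default_context()` performs this check together with validation of the CA signature chain; the functions above only make the name rule visible.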