Understanding how an HTTPS client authenticates the server

Reprinted from https://www.cnblogs.com/kabi/p/6200434.html


Certificate presets and certificate request

1: The client browser ships with preset root certificates, which contain the CA public key.
2: The server requests a certificate from the CA.
3: The CA signs the certificate with its own signature, stores the fingerprint information in the digital digest inside the certificate, and then sends the certificate to the server.

Access process (simplified)

1: The client says hello.
2: The server returns its certificate.
3-1: The client verifies the validity of the certificate's contents (whether it has expired, whether the domain name matches, and so on).
3-2: The client verifies the certificate's integrity (whether it has been tampered with): it uses the CA public key from the local root certificate to decrypt the digital digest and checks whether it matches.
3-3: If the digital signature verifies, the client can use the public key in the server's certificate for the next step of the communication.
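
The checks in steps 3-1 to 3-3, as an added example that is not part of the original article: a toy model in which the CA signs the SHA-256 digest of a certificate body and the client recovers that digest with the CA public key. It assumes textbook RSA without padding over two fixed Mersenne primes and a JSON certificate body instead of X.509; the key, host names and dates are constructed, and real TLS clients additionally build a chain and use padded signature schemes.

```python
import hashlib
import json

# Constructed toy CA key pair (assumption: textbook RSA, demo only).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537   # two Mersenne primes, public exponent
CA_N = P * Q                              # CA public modulus (in the preset root cert)
CA_D = pow(E, -1, (P - 1) * (Q - 1))      # CA private exponent, stays with the CA


def digest(body):
    """Digital digest of the certificate body, as an integer."""
    data = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def ca_issue(body):
    """Preset step 3: the CA signs the digest and returns the certificate."""
    return {"body": body, "signature": pow(digest(body), CA_D, CA_N)}


def client_verify(cert, hostname, today, root_n=CA_N, root_e=E):
    """Access steps 3-1 to 3-3. Returns (ok, reason or server public key)."""
    body = cert["body"]
    # 3-1: validity of the contents (ISO dates compare correctly as strings).
    if not body["not_before"] <= today <= body["not_after"]:
        return False, "expired or not yet valid"
    if body["subject"] != hostname:
        return False, "domain name mismatch"
    # 3-2: recover the digest with the CA public key and compare it with
    # the digest the client computes itself over the received body.
    if pow(cert["signature"], root_e, root_n) != digest(body):
        return False, "signature mismatch"
    # 3-3: the server public key in the certificate is now trusted.
    return True, body["server_public_key"]


# Constructed sample certificate.
CERT = ca_issue({
    "subject": "www.example.test",
    "not_before": "2024-01-01",
    "not_after": "2025-01-01",
    "server_public_key": "constructed-server-key",
})
# Same signature, but the public key in the body was swapped after issuance.
TAMPERED = {"body": dict(CERT["body"], server_public_key="swapped-key"),
            "signature": CERT["signature"]}

if __name__ == "__main__":
    print(client_verify(CERT, "www.example.test", "2024-06-01"))
    print(client_verify(TAMPERED, "www.example.test", "2024-06-01"))
```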