Understand the process server HTTPS client authentication
Reprinted from https://www.cnblogs.com/kabi/p/6200434.html
Certificate and apply presets
1: The client browser presets the root certificate, which contains CA公钥
2: CA server to request a certificate
3: CA with their own signature to sign a certificate, the fingerprint information is stored in a digital digest of the certificate inside, then sent to the server
Visit Process (simplified)
1: Client the sayHello
2: the server returns the certificate
3-1: client verifies the validity of the content certificate (time expired, the domain name and the like are the same)
3-2: validation certificate (whether tampering), the root certificate by the local the CA公钥decrypted digital digest, to see if they match.
3-3: If the digital signature is verified, the server can use public-key certificate to the next step which provides communication.
Reproduced in: https: //blog.51cto.com/14101497/2411075