The OS/browser has the public keys of all trusted CAs. E.g. the Mozilla Foundation has a list of 50+ trusted CAs, which mainly means that the public key is already present in the browser.
Now, some site, say TrustedDomain.com, sends a CSR request to one of the CAs with all the required info, such as { Domain Name, IP, Physical Office Address, Its Own Public Key }.
Refer to the above as Block1. The CA uses its own private key to sign "Block1": E(Block1, PRiKey-CA) = k
The endpoint sends a page request for TrustedDomain.com and gets "k". It uses the public key of the CA, which is available to everyone, to decrypt k. This verifies that the connection is trusted: if it can be decrypted using the CA public key, it has to have come from the CA and it is genuine.
After this, the endpoint initiates a connection to the trusted domain, using the trusted domain's public key to encrypt the data, and the trusted domain opens it using its own private key. A secure channel is created, and after that they switch to symmetric encryption for the actual data transfer.
Now, say a website is using a self-signed certificate and we are trying to open this site using HTTPS. As per my understanding, the site will use its own private key to sign its [Domain, IP, own Public Key] etc., say blockB.
Now the question is: when we send a request to this site, we get a certificate error, and we have the option to install this certificate. I just want to know: as we do not have the public key of this self-signed website, how does it open blockB to get the public key?
Can someone explain or give some pointers on how this cert info is carried at the packet level?
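
Added example, not part of the original post: a toy model of the certificate check the question describes, showing that a certificate carries its signed block (public key included) in the clear next to the signature, so a self-signed certificate is checked against the key it carries and then rejected only because that key is not in the trust store. The textbook RSA keys, the names `ExampleCA` and `selfsigned.example`, and the dict layout are constructed assumptions, not a real X.509 encoding.

```python
import hashlib

def make_key(p, q, e=65537):
    # Textbook RSA from two known primes (constructed, illustration only).
    n, phi = p * q, (p - 1) * (q - 1)
    return n, e, pow(e, -1, phi)          # (modulus, public exp, private exp)

def digest(tbs, n):
    # Hash the to-be-signed block and reduce it into the toy modulus range.
    data = repr(sorted(tbs.items())).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(block, issuer_name, issuer_key):
    # Certificate = block in plaintext + signature made with issuer's private key.
    n, _, d = issuer_key
    tbs = dict(block, issuer=issuer_name)
    return {"tbs": tbs, "sig": pow(digest(tbs, n), d, n)}

def verify(cert, trust_store):
    tbs = cert["tbs"]
    self_signed = tbs["issuer"] == tbs["subject"]
    # Nothing is "opened": the block and its public key are readable by anyone.
    key = tbs["pubkey"] if self_signed else trust_store.get(tbs["issuer"])
    if key is None:
        return "unknown issuer"
    n, e = key
    if pow(cert["sig"], e, n) != digest(tbs, n):
        return "bad signature"
    # A valid self-signature only proves integrity, not identity.
    if self_signed and trust_store.get(tbs["subject"]) != key:
        return "self-signed, not trusted"
    return "ok"

# Constructed sample data (Mersenne primes keep the toy keys easy to check).
CA_KEY = make_key(2**61 - 1, 2**89 - 1)
SITE_KEY = make_key(2**107 - 1, 2**127 - 1)
STORE = {"ExampleCA": CA_KEY[:2]}         # trust store holds public parts only
ca_cert = issue({"subject": "TrustedDomain.com", "pubkey": SITE_KEY[:2]},
                "ExampleCA", CA_KEY)
self_cert = issue({"subject": "selfsigned.example", "pubkey": SITE_KEY[:2]},
                  "selfsigned.example", SITE_KEY)

if __name__ == "__main__":
    print(verify(ca_cert, STORE), "|", verify(self_cert, STORE))
```

"Installing" the self-signed certificate corresponds to adding its subject and public key to `STORE`, after which the same check returns `ok`.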