
I have a question about the certificate usage to establish a secure (TLS/SSL) connection between a web browser and a website and really hope that someone can either direct me to a resource where it is explained or can spend some time to explain it here.

As far as I understand, a certificate is sent by a web server to a web browser initially to identify the web server. So the web browser verifies who issued the certificate, checks in its local certificate store whether a root certificate of that issuer exists and is trustworthy, compares the website name with the "subject" value in the certificate and tries to decrypt the certificate signature.

If that all passed, then the website is considered to be "trusted".

However, after that, something is done to set up a secure connection between the web browser and the website and exactly for that process I am looking for an explanation.

Is the same certificate used to create this secure connection? Is there a difference when MD5 or SHA is used?

schroeder
Pickleit
  • You are asking about key exchange and the following encryption. This is explained in detail in [How does SSL/TLS work?](https://security.stackexchange.com/questions/20803/how-does-ssl-tls-work). The certificate might be involved in this (RSA key exchange) or not (DHE/ECDHE key exchange) but in any case the signature algorithm used in the certificate does not matter for this. – Steffen Ullrich Apr 02 '17 at 12:43
  • I think any resource on the internet that explains TLS/SSL would walk you through this process. And you are wrong about the *purpose* of the certificate. – schroeder Apr 02 '17 at 14:14
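
The DHE case mentioned in the comments, as an added example that is not part of the original thread: a toy handshake modelled on TLS 1.2 DHE, in which the certificate's key only signs the server's ephemeral value and the session key comes from the Diffie-Hellman exchange. All parameters, the textbook RSA "certificate key" and the HMAC-based key derivation are simplified assumptions constructed for illustration and are not secure or wire-compatible with TLS.

```python
import hashlib, hmac, secrets

# Toy parameters constructed for this example; not suitable for real use.
P = 2**255 - 19                      # prime modulus for finite-field Diffie-Hellman
G = 2
# Toy "certificate" RSA key built from two Mersenne primes (textbook RSA, no padding).
RSA_P, RSA_Q, RSA_E = 2**127 - 1, 2**89 - 1, 65537
RSA_N = RSA_P * RSA_Q
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))   # private exponent

def _digest_int(data):
    # Hash the message and reduce it into the toy RSA modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % RSA_N

def cert_sign(data):
    # Server side: sign with the private key that matches the certificate.
    return pow(_digest_int(data), RSA_D, RSA_N)

def cert_verify(data, sig):
    # Client side: verify with the public key taken from the certificate.
    return pow(sig, RSA_E, RSA_N) == _digest_int(data)

def dh_keypair():
    # Fresh (ephemeral) Diffie-Hellman key pair, generated per connection.
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(shared, client_random, server_random):
    # HMAC-SHA256 derivation standing in for the TLS key schedule.
    salt = client_random + server_random
    return hmac.new(salt, shared.to_bytes(32, "big"), hashlib.sha256).digest()

def handshake():
    client_random, server_random = secrets.token_bytes(32), secrets.token_bytes(32)
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    # The certificate key is used only here: to authenticate the server's
    # ephemeral public value together with both random nonces.
    signed = client_random + server_random + s_pub.to_bytes(32, "big")
    sig = cert_sign(signed)
    if not cert_verify(signed, sig):
        raise ValueError("server key exchange signature invalid")
    # Each side combines its own private value with the peer's public value.
    client_key = session_key(pow(s_pub, c_priv, P), client_random, server_random)
    server_key = session_key(pow(c_pub, s_priv, P), client_random, server_random)
    return client_key, server_key

if __name__ == "__main__":
    ck, sk = handshake()
    print("keys match:", ck == sk, "session key:", ck.hex())
```

Running `handshake()` twice with the same toy certificate key yields two different session keys, because the key material comes from the ephemeral values rather than from the certificate.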

0 Answers