I already know the basic concept like public key and private key, the message encrypted by public key can be decrypted by private key, and vice versa, but I just can't understand how client know the requested server is the right one and I want to understand the detail of the process.
Asked
Active
Viewed 138 times
1 Answers
4
The client compares the server hostname you type into the URL against the subject name in the certificate. If they match, then it's the right server. If they don't match, then it's the wrong server. That simple.
-
Yes, Subject Alternate Name, I know. Best not to add to the confusion, I say. – tylerl Jan 30 '13 at 09:18
-
Actually, It's CN (common name) SAN's are the alternate names (aliases if you will) that the certificate will also resolve to. – k1DBLITZ Jan 30 '13 at 15:47