0

If the HTTPS webserver uses self signed certificate, the web browser warns the user as follow.

http://www.sslshopper.com/assets/images/iis7/iis7-self-signed-certificate-8-certificate-not-trusted.png

I am curious how can browser tell if the certificate is self signed or not(in detail). is there any technically detailed document which describes this process?

thank you in advance.

daehee
  • 101

1 Answers1

0

You can find the complete detail in RFC5246.

Put very simple: Every certificate should be signed by a third party. Each third party's certificates are included within your browser. The browser can check if the certificate is signed by a third party it trusts, if it's signed by the same server of which you are demanding to see the identity, then it's considered self signed.

Lucas Kauffman
  • 54,229
  • 17
  • 113
  • 196