1,234
edits
Changes
→Client communicating with server
=== Client communicating with server ===
Now that the server is configured, let's look at what happens when a web browser connects to a web server using HTTPS.
# The web browser connects to a web server, expecting to establish encrypted communication.
# The web server will send to the client its CA-signed public key.
# The browser came installed with a list of trusted CAs' public keys. Good luck figuring out how this list was compiled by whom when and how it's kept up to date. Let's just assume for now that those are all trustworthy, since everyone else assumes the same. It uses the appropriate CA's public key from that list to verify the server's public key.
# At this point a combination of signing, encryption, and exchange of symmetrical encryption keys can be used to establish a connection where all traffic in both directions is encrypted.
[[File:BrowserCA.png|800px|border|center]]