Java Servlets

Digital Certificates

  1. User connects to server using https.
  2. Server signs its own public key with its own private key and sends it back to the browser.
  3. Browser uses the server's public key to verify that whoever signed the key also holds the matching private key, i.e. owns it.
  4. Browser checks if an authority (Verisign) signed the public key (avoids a man-in-the-middle attack). Otherwise, it asks the user if the key can be trusted.
  5. Client generates a symmetric key for the session, encrypts it with the server's public key, and sends it to the server.
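The five steps above, played out in one process as an added example (not code from the original slides): the server side issues a self-signed certificate with Go's standard crypto/x509, the browser side runs the step 3 and step 4 checks, and the client wraps a fresh AES session key under the server's RSA public key for step 5. The hostname example.test and the function names are assumptions made for this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Step 2 (server): sign the public key with the matching private key, i.e. issue a self-signed X.509 cert.
func serverSetup(host string) (*rsa.PrivateKey, *x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:  x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment | x509.KeyUsageCertSign,
		IsCA: true, BasicConstraintsValid: true, // the CA flag is what lets the cert vouch for itself
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}
// Steps 3 and 4 (browser): selfSigOK means the signature verifies under the public key the cert carries;
// trusted means a root in roots vouches for it. A self-signed cert passes only the first check until the
// user explicitly adds it to the trusted roots (the "ask the user" branch of step 4).
func browserChecks(cert *x509.Certificate, host string, roots *x509.CertPool) (selfSigOK, trusted bool) {
	selfSigOK = cert.CheckSignatureFrom(cert) == nil
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return selfSigOK, err == nil
}
// Step 5 (client): pick a random AES-256 session key and wrap it with the server's public key (RSA-OAEP);
// only the holder of the matching private key can unwrap it.
func sessionKeyExchange(cert *x509.Certificate, priv *rsa.PrivateKey) (sent, recovered []byte, err error) {
	sent = make([]byte, 32)
	if _, err = rand.Read(sent); err != nil {
		return nil, nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, cert.PublicKey.(*rsa.PublicKey), sent, nil)
	if err == nil {
		recovered, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	}
	return sent, recovered, err
}
```

Note that step 5 describes the RSA key-exchange mode of older TLS versions; TLS 1.3 instead derives the session key from an ephemeral (EC)DH exchange, so the server's certificate key only signs and never decrypts the session secret.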

José M. Vidal.

60 of 89