PKI Tutorials - Herong's Tutorial Examples - Version 2.10, by Dr. Herong Yang
HTTPS Server Authentication Process
This section describes the HTTPS server authentication process - 1. CA root certificate installed in the browser; 2. Web server certificate signed by the CA; 3. Web server certificate validated by the browser.
As mentioned in the previous section, Web server authentication an important process to ensure the security of the HTTPS communication. The following diagram from washburnsworld.blogspot.com shows how Web server authentication is done at a high level:
As you can see from the diagram, there are 3 major activities involved in Web server authentication process:
1. Installing CA (Certificate Authority) root certificate - The browser vendor receives the CA root certificate from the CA; and distributes it as part of the browser installation package.
2. Signing Web server certificate - The Web server owner sends the certificate request to the CA. The CA, acting as the RA (Registration Authority), verifies the Web server identity. Then the CA signs (or issues) the Web server's certificate.
3. Validating Web server certificate - When you use the browser to visit the Web server, the browser, acting as the VA (Validation Authority), receives the Web server's certificate and validates it against the CA root certificate. If the browser finds no issue in the server certificate, it starts to use the public key embedded in the server certificate to secure the communication with the server.
The goal of HTTPS Web server authentication is to help the browser, on behave of you (the Web server user), to build a trust with the Web server before exchanging data with the server. If the browser returns an error when validating the server certificate, you know that the server can not be trusted and you should stop using that Web server.
But if the browser returns no error when validating the server certificate, can you really trust the server? Yes, you can trust the Web server, if following assumptions are true:
Last update: 2011.
Table of Contents