
The OS/browser has the public keys of all trusted CAs. E.g., the Mozilla Foundation has a list of 50+ trusted CAs, which means that mainly the public key is already present in the browser.

Now, some site, say TrustedDomain.com, sends a CSR request to one of the CAs with all the required info, such as { Domain Name, IP, Physical Office Address, Its Own Public Key }.

Refer to the above as Block1. The CA uses its own private key to sign Block1: E(Block1, PRiKey-CA) = k

The endpoint sends a page request for TrustedDomain.com and gets "k". It uses the public key of the CA, which is available to everyone, to decrypt k. This verifies that the connection is trusted, since if it decrypts using the CA public key, it has to have come from the CA and it is genuine.

After this, the endpoint initiates a connection to the trusted domain, using the trusted domain's public key to encrypt the data, and the trusted domain opens it using its own private key. A secure channel is created; after that they switch to symmetric encryption for the actual data transfer.

Now

Say a website is using a self-signed certificate. We are trying to open this site using HTTPS. Now, as per my understanding, the site will use its own private key to sign its [Domain, IP, own Public Key] etc., say blockB.

Now the question is: when we send a request to this site, we get a certificate error. Now we have the option to install this certificate. I just want to know, as we do not have the public key of this self-signed website, how does it open blockB to get the public key?

Can someone explain/give some pointers on how this cert info is carried at the packet level?

Curi0usM3
  • I sense a lot of confusion in this question and I'm unable to understand what is being asked (in large part because you do not, apparently, understand what is going on). I suggest you start with [this](http://stackoverflow.com/questions/188266/how-are-ssl-certificates-verified) and, if you still have something to ask, edit your question for clarity. – Stephane Aug 25 '16 at 09:23
  • Everything you ask (where is the public key, packet level) is explained in [How does SSL/TLS work?](http://security.stackexchange.com/questions/20803/how-does-ssl-tls-work) specifically in [this answer](http://security.stackexchange.com/a/20847/37315) – Steffen Ullrich Aug 25 '16 at 10:21

2 Answers

The certificate contains the public key.

How the certificate is carried depends on HTTPS/HTTP2.

Tom

Authenticity is not a required (but mostly recommended) part of TLS. There is always a certificate that will be sent to the client and holds a public key; however, this certificate may or may not be signed by a trusted CA.

Aurelia
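The point made in the answers above, as an added example that is not part of the original thread: a certificate is signed plaintext, not ciphertext, so the client reads the public key straight out of it and only then checks the signature. The code uses toy textbook RSA on constructed keys; `ExampleCA`, `selfsigned.example` and the field layout are assumptions for illustration, not the real X.509 format.

```python
import hashlib

E = 65537  # public exponent shared by every toy key below

def keypair(p, q):
    """Toy textbook RSA: return (public modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(tbs, n):
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n

def issue(subject, subject_n, issuer, issuer_n, issuer_d):
    # The "to-be-signed" part stays readable and carries the subject's public key.
    tbs = f"subject={subject};issuer={issuer};pubkey={subject_n}".encode()
    return {"tbs": tbs, "sig": pow(digest(tbs, issuer_n), issuer_d, issuer_n)}

def fields(cert):
    # No key is needed to read the certificate: it is not encrypted.
    return dict(kv.split("=") for kv in cert["tbs"].decode().split(";"))

def signature_ok(cert, signer_n):
    return pow(cert["sig"], E, signer_n) == digest(cert["tbs"], signer_n)

def evaluate(cert, trust_store):
    f = fields(cert)
    if f["issuer"] in trust_store:
        # Signed by a known issuer: verify with the key we already hold.
        ok = signature_ok(cert, trust_store[f["issuer"]])
        return "trusted" if ok else "bad signature"
    if f["issuer"] == f["subject"]:
        # Self-signed: the only key available is the one inside the cert.
        # A valid signature shows internal consistency, not identity.
        ok = signature_ok(cert, int(f["pubkey"]))
        return "self-signed, untrusted" if ok else "bad signature"
    return "unknown issuer"

# Constructed sample keys from Mersenne primes (insecure, reproducible).
CA_N, CA_D = keypair(2**31 - 1, 2**61 - 1)
SITE_N, SITE_D = keypair(2**89 - 1, 2**107 - 1)
TRUST_STORE = {"ExampleCA": CA_N}

ca_cert = issue("TrustedDomain.com", SITE_N, "ExampleCA", CA_N, CA_D)
self_cert = issue("selfsigned.example", SITE_N,
                  "selfsigned.example", SITE_N, SITE_D)

if __name__ == "__main__":
    print(evaluate(ca_cert, TRUST_STORE))    # issuer key already in the store
    print(evaluate(self_cert, TRUST_STORE))  # consistent, but nobody vouches for it
```

"Installing" the self-signed certificate corresponds to adding its issuer name and public key to the trust store, after which the same check returns a trusted result.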