Server authentication during the SSL handshake

Question

I have question regarding the server authentication during the SSL handshake.

I am going to write this up as my understanding of the concept. Please feel free to point out any mistakes.

We generate a CSR on the server which includes the public key of the server along with the ID information of the server. The CA verifies the identity information after series of steps and generates a certificate which is also signed by the digital signature of the CA server. My first question here is that what comprises of the Digital signature of the server.Does it use the values in CSR; i.e take a hash and encrypt them to generate digital signature or this process of digital signature is individual to the CA.

Secondly during the SSL handshake this certificate is presented to the client. Now in order to verify this certificate one of the steps would be to make sure that issuing CA’s public key validate the issuer’s digital signature.How is this step performed?

Answer 1

My first question here is that what comprises of the Digital signature of the server.Does it use the values in CSR; take a hash and encrypt them to generate digital signature or this process of digital signature is individual to the CA.

Part of the X.509 standard (standard format for public key certificates) is that certificate signature algorithm can be specified by the signing party. Wikipedia for instance has a cert where SHA(-256) with RSA was used to sign the cert (this method is very common):

SHA with RSA basically works the way you expected it. It takes the contents of the cert, throws them through a hash function (SHA) and then signs them via the RSA private key. Written out, if C is the cert, then the signature S is computed as S = (padding || SHA(C) ^ d mod N where padding is a secure padding scheme for RSA, the private RSA key is d and the public RSA key is (N, e).

Moving on, on lets say during the SSL handshake this certificate is presented to the client. Now in order to verify this certificate one of the step would be to make sure that issuing CA’s public key validate the issuer’s digital signature. How is this step performed?

Using the above case as an example, say I have a signature S for a cert C. Recall that (N, e) is the public key of the CA. The way I would verify the signature is to calculate V = S ^ e mod N (with the padding stripped). In other words I verify the signature with the CAs public key. I would then check if V = SHA(C). If this is the case then the signature is valid. For further details see also How does RSA signature verification work?.