TLS – part 2

• When a client connects with SSL or TLS

• • They negotiate an encrypted session during which they learn the server's public key.
  • The server sends them the certificate
  • They validate the certificate using the CA's public key stored in a keyring on their machine.
  • If the certificate is valid, the domain name matches the domain in the cert and the expiration date has not passed, the client knows the connection is secure.