Via a WebApi .Net 4.6.1 I'm integrating with a service that requires data to be sent on a TLS 1.2 connection digitally signed using the PKCS#7 pattern, but when checking an integration example, I realized that the implementation makes use of the class X509Certificate2, and that the X.509 is also a certificate standard.
1. After all, if both are defaults, is using the X509Certificate2 class a mistake when implementing based on PKCS#7?
2. In TLS connections, shouldn't the certificate be sent only once, in the TLS handshake, and after all validations the shared symmetric key be exchanged so that the data can then be sent in a safe way?
2.1. In this case it seems to me that the data is already being signed and sent with the private asymmetric key and then decrypted with the public key on the destination server. Or, behind the scenes, does .Net itself manage the whole process needed to complete the TLS connection correctly until it generates the symmetric key?