Why does the server send 2 public keys to the TLS handshake?

6

During information exchange in the TLS handshake, the server sends a public key together with the certificate. The server also sends a second public key (Server Key Exchange) if the client accepts the certificate.

If the server has already sent a public key together with the certificate, what is the need for a second public key?

    
asked by anonymous 09.11.2017 / 10:22

1 answer

1

As @Inkeliz already spoke, the point is that the certificate sent by the server, in fact, is not a certificate, but a chain of certificates. The certificate itself is not signed directly by the certifying agency, but by an intermediary agency. However, the browser only knows the certification agencies, so it is necessary to create a current of public keys until it reaches the signature of the root certifier.

If you need more details, This IBM article , which explains in more detail the TSL security process.

    
13.11.2017 / 13:19