Certificate Validation in TLS
Trace how the client verifies the server certificate chain.
Why Validate Certificates?
Without certificate validation, a TLS connection could be established to an attacker posing as the server (man-in-the-middle). Certificate validation ensures you are talking to the legitimate server that controls the private key.
X.509 Certificate Fields Relevant to TLS
Key fields: Subject (who owns the cert), SubjectAltName (DNS names/IPs), Issuer (signing CA), Validity (notBefore/notAfter), Public Key, Signature. The browser checks all of these.
All lessons in this course
- TLS 1.3 Handshake Step by Step
- TLS Record Layer & Cipher Suites
- Certificate Validation in TLS
- TLS Attacks: BEAST, POODLE & Downgrade