HTTP TLS(SSL) Certificates

Posted on August 25, 2021
Tags: javascript

1 HTTP vs HTTPS

HTTPS linked terms: SSL, Root Authority, Certificate Authority, TLS, 443

2 HTTPS Certificate Authority

2.1 Cert confirm identity

Certificate Authorities validate the identity of the certificate holder (website) for the user (browser).

We want to talk to a website, but how do we know we are not talking to a faker?
A website needs to confirm its identity using a Cert.
But how do we know to trust the Cert?
By using Certificate Authorities (CA) like LetsEncrypt.

2.2 Cert Signing Request

  • CA public key: pre-installed in most client browsers
  • CA private key: Every month you may ask Let’s Encrypt to sign your SSL Cert.

Example CA: LetsEncrypt

The command below generates a public-private key pair as domain.key
and a Certificate Signing Request as domain.csr:

openssl req -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr

  1. Validation: is the SSL cert really from the Website?
    Check the authenticity of the SSL cert using the LetsEncrypt PublicKey
  2. After-Validation: Ok, the cert is legit so it’s safe to take the SSL cert public key
  3. Encrypt: Now I can use the website’s SSL cert public key to encrypt my own (browser) Secret Key
  4. Share Secret Key: I can send this encrypted Secret Key back to the website, which the website can decrypt with its private key.
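
The whole flow above can be run offline as an added example (not code from the original post). It assumes a throwaway local CA standing in for LetsEncrypt; demo-ca, other-ca, example.test and domain.crt are names constructed for the demo, and OAEP padding is a choice made here.

```shell
#!/bin/sh
# Added example: a throwaway local CA stands in for LetsEncrypt.
# demo-ca, other-ca, example.test and domain.crt are names constructed for this demo.

q() { "$@" >/dev/null 2>&1; }   # run quietly, keep the exit status

# new_ca <dir> <name>: CA key pair plus self-signed root cert (the part browsers pre-install)
new_ca() {
    q openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt"
}

# new_csr <dir>: the page's command, with -subj added so it does not prompt
new_csr() {
    q openssl req -newkey rsa:2048 -nodes -subj "/CN=example.test" \
        -keyout "$1/domain.key" -out "$1/domain.csr"
}

# sign_csr <dir> <ca>: the CA signs the CSR with its private key, producing domain.crt
sign_csr() {
    q openssl x509 -req -in "$1/domain.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/domain.crt"
}

# trusted_by <dir> <ca>: step 1, check the cert's signature with the CA's public key
trusted_by() {
    q openssl verify -CAfile "$1/$2.crt" "$1/domain.crt"
}

# share_secret <dir> <secret>: steps 3-4, encrypt to the cert's public key,
# then decrypt with the website's private key; prints the recovered secret
share_secret() {
    printf '%s' "$2" |
        openssl pkeyutl -encrypt -certin -inkey "$1/domain.crt" -pkeyopt rsa_padding_mode:oaep |
        openssl pkeyutl -decrypt -inkey "$1/domain.key" -pkeyopt rsa_padding_mode:oaep
}

demo() {
    d=$(mktemp -d) || return 1
    { new_ca "$d" demo-ca && new_ca "$d" other-ca && new_csr "$d" && sign_csr "$d" demo-ca; } || return 1
    trusted_by "$d" demo-ca  && echo "signed by demo-ca: accepted"
    trusted_by "$d" other-ca || echo "checked against other-ca: rejected"
    echo "website recovered: $(share_secret "$d" 'browser-secret')"
    rm -rf "$d"
}
demo
```

The same certificate is accepted when checked against the CA that signed it and rejected against an unrelated CA, which is the check a browser performs in step 1.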

3 HTTP/1.1

Sequential

4 HTTP/2

Multiplexed (async); implemented as “SPDY by Google”

5 HTTP/3

6 Practical

Using Chrome Inspect > Network, you can find which version of HTTP you’re using

7 Websocket

chrome://flags/#allow-insecure-localhost