0

Assume a browser hits a website with SSL. The website presents its public key (server.pem) which is signed by a CA. The browser then has to hit the CA and asks about the validity of the public key server.pem before proceeding.

Is that a correct understanding? If yes, how does the browser know where the CA is to hit?

Can you use openssl to open server.pem and find out the CA information? I have tried the following but couldn't find any information. openssl x509 -in server.pem -text

TrongBang
  • 923
  • 1
  • 12
  • 23
  • 1
    No, it isn't a correct understanding. The website presents its *certificate*, which not in a .pem file, and which is signed by a CA. The browser has a list of trusted CAs. – user207421 Jul 19 '23 at 02:15

0 Answers0