Tuesday, 15 February 2011

Can the client and server use the same certificate file for a secure connection over SSL?


I am trying to figure out whether a secure connection is established between the client and the server. I tried the SSL example provided by the ASIO library. My question is about the certificate used by the client and the server. To be specific, I generated a private key (mykey.pem), then used this private key to generate a signed certificate (mycert.pem), and I used these files as follows:

server side:

1) context_.use_certificate_chain_file("mycert.pem", error);

context_.use_private_key_file("mykey.pem", boost::asio::ssl::context::pem, error);

context_.use_tmp_dh_file("DHPARMAPM", error);

client side:

2) ctx.load_verify_file("mycert.pem", error);

The handshake completes successfully with this code. My question is: how can both the server and the client use the same certificate ("mycert.pem") in commands 1 and 2? With this approach a client could easily pretend to be a server, right? Do you think I missed something here?

The certificate is public information.

It is the private key that allows the entity to prove its identity. The SSL/TLS handshake guarantees to the client that the server holds the private key corresponding to the public key in the server certificate, and is therefore the other party with the appropriate master secret, able to understand the communication. This proves that the remote party is actually the one the certificate was issued to. (This is like checking that the picture on the photo ID matches the person in front of you.)

Having the server certificate (and not the private key) on the client side tells the client which certificate it will be presented with. The problem is then whether or not to trust that certificate (specifically, what it says about the identity of the server). This is usually done using a PKI, so that trust can be established through a third party (a CA). (It's like checking that the photo ID is actually real, and that you can trust what it says.)

What you did by trusting this specific server certificate is to bypass the CA and say that you were willing to rely on this particular certificate being genuine. (This is somewhat okay for certificates, but by using a CA your trust structure becomes more manageable and gains other features, such as the ability to revoke a certificate.)
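The point made above, that holding mycert.pem alone does not let a client impersonate the server, can be checked end to end. The following is an added example in Go (standard library only; it is not Boost.Asio code and not from the original question or answer): it generates one key pair and a self-signed certificate in memory, standing in for mykey.pem and mycert.pem, has the client trust only that certificate, and runs two handshakes over loopback TCP, one where the server holds the matching key and one where an impostor presents the same certificate with a different key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// newSelfSigned stands in for generating mykey.pem and mycert.pem: one key
// pair and a self-signed certificate over it for "localhost" (constructed here).
func newSelfSigned() (*ecdsa.PrivateKey, []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "localhost"},
		DNSNames: []string{"localhost"}, IsCA: true, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return key, der
}

// handshake: the server presents certDER and signs with serverKey; the client trusts
// only certDER (the load_verify_file step). Returns the client's handshake error.
func handshake(certDER []byte, serverKey *ecdsa.PrivateKey) error {
	leaf, _ := x509.ParseCertificate(certDER)
	roots := x509.NewCertPool()
	roots.AddCert(leaf)
	srvCfg := &tls.Config{Certificates: []tls.Certificate{
		{Certificate: [][]byte{certDER}, PrivateKey: serverKey}}}
	ln, _ := net.Listen("tcp", "127.0.0.1:0")
	defer ln.Close()
	go func() { // server side: accept one connection and run the handshake
		s, _ := ln.Accept()
		s.SetDeadline(time.Now().Add(5 * time.Second))
		tls.Server(s, srvCfg).Handshake() // proves key possession (or fails to)
		s.Close()
	}()
	c, _ := net.Dial("tcp", ln.Addr().String())
	defer c.Close()
	c.SetDeadline(time.Now().Add(5 * time.Second))
	return tls.Client(c, &tls.Config{RootCAs: roots, ServerName: "localhost"}).Handshake()
}
```

With the genuine key the client handshake returns nil; with any other key the client rejects the server's handshake signature, which is the check that stops a party holding only the public certificate from posing as the server.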
