I have read numerous certification-related docs. Being new to this
technology, I don't find any material detailing the manual certificate
validation [even the FAQ under the same heading], especially the key
verification part. I also went through verify.c in openssl but key
verification is lost amongst the APIs. Here is my understanding of
certificate validation:

A root certificate [signed by CA] comprises version, serial num,
issuer and subject details, public key algorithm details and a signature,
which is a hash of the rest of the cert details further encrypted using
the private key. This root cert is installed by browsers automatically.
The web servers have their certificates signed by these CAs.

When an https site is accessed, the server sends a server certificate
that contains most of the above details (except for changed subject
name/validity etc.) along with the signature and an RSA public key.

Now for certificate validation:

First we verify the credentials of issuer/common name etc.; that is
clear to me.

The second step is to match the signature, which I find a lil confusing.

Here do you use the public key to decrypt the signature portion of your
root certificate and compare it with the decrypted portion of the server
certificate (decrypted with the public key that appears in the server
certificate)? Does this sound right?

The root certificate has a public key and signature and so does the
server certificate.

Please clarify, as I am manually trying to verify certificates.

Are there any other C files within openssl which talk about the details
of signature validation?

Thanks for your help

Regards

Geetha
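
Added example, not part of the original message and not OpenSSL code: a minimal Python sketch of the RSA (PKCS#1 v1.5, SHA-256) signature check on a certificate, where the signature is checked with the issuer's public key against a fresh hash of the certificate's signed fields. The keys, names and the text-based `tbs` layout are constructed for illustration; real certificates are DER-encoded, and OpenSSL exposes this check as `X509_verify()`.

```python
import hashlib

# Constructed toy RSA keys built from Mersenne primes: NOT secure, demo only.
E = 65537
CA_P, CA_Q = 2**521 - 1, 2**607 - 1
CA_N = CA_P * CA_Q                           # CA public modulus
CA_D = pow(E, -1, (CA_P - 1) * (CA_Q - 1))   # CA private exponent
SERVER_N = (2**521 - 1) * (2**1279 - 1)      # server public modulus (assumed)

# DigestInfo prefix for SHA-256 (PKCS#1 v1.5, RFC 8017 section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def encode(tbs: bytes, n: int) -> int:
    """Hash the to-be-signed bytes and pad the digest to the modulus size."""
    k = (n.bit_length() + 7) // 8
    info = SHA256_PREFIX + hashlib.sha256(tbs).digest()
    padded = b"\x00\x01" + b"\xff" * (k - len(info) - 3) + b"\x00" + info
    return int.from_bytes(padded, "big")

def ca_sign(tbs: bytes) -> int:
    """Done once by the CA, with its private key, when it issues a cert."""
    return pow(encode(tbs, CA_N), CA_D, CA_N)

def verify(tbs: bytes, sig: int, issuer_n: int, issuer_e: int = E) -> bool:
    """Apply the ISSUER's public key to the signature; compare to our hash."""
    if not 0 <= sig < issuer_n:
        return False
    return pow(sig, issuer_e, issuer_n) == encode(tbs, issuer_n)

def make_cert(issuer: str, subject: str, subject_n: int) -> dict:
    """Stand-in for a certificate: signed fields (tbs) plus CA signature."""
    tbs = f"issuer={issuer};subject={subject};pubkey={subject_n:x},{E:x}"
    return {"tbs": tbs.encode(), "sig": ca_sign(tbs.encode())}

ROOT = make_cert("Demo Root CA", "Demo Root CA", CA_N)    # self-signed
SERVER = make_cert("Demo Root CA", "www.example.test", SERVER_N)

def check_chain() -> dict:
    forged = SERVER["tbs"].replace(b"example", b"changed")
    return {
        "server_by_ca_key": verify(SERVER["tbs"], SERVER["sig"], CA_N),
        "server_by_own_key": verify(SERVER["tbs"], SERVER["sig"], SERVER_N),
        "root_self_signed": verify(ROOT["tbs"], ROOT["sig"], CA_N),
        "tampered_subject": verify(forged, SERVER["sig"], CA_N),
    }

if __name__ == "__main__":
    print(check_chain())
```

The public key inside the server certificate is part of the signed data and is used later, in the TLS handshake; only the root's self-signature is checked with the key the certificate itself carries.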

 


