How does your browser know that the TLS certificate presented by the web server is a legitimate one signed by a trusted CA? (2024)

Ehis Iribhogbe

Java Backend Engineer | Driving Innovation in Software Development | Springboot | Java | DevOps | Fintech | Technical Writer (Cloud)

Published Mar 13, 2023

Introduction

When you browse the web, you might have noticed that some websites have a padlock icon in the address bar, indicating that they are secure. This security is provided by TLS (Transport Layer Security) encryption, which ensures that your data is transmitted securely over the internet. However, how does your browser know that the TLS certificate presented by the web server is a legitimate one signed by a trusted Certificate Authority (CA)? In this article, we will discuss how web browsers determine if a TLS certificate presented by a web server is legitimate and has been signed by a trusted Certificate Authority (CA).

Prerequisites: A fundamental understanding of web browsers, Certificate Authorities, TLS certificates, and the digital authentication process is necessary.

Let’s Go!

Each Certificate Authority has a set of key pairs (private and public keys). The Certificate Authority uses its private key to sign the certificate, and the public keys are built into all the browsers. The browser uses the public key of the Certificate Authority to validate that the certificate was actually signed by that verified Certificate Authority.

When a web server presents a TLS certificate to a browser, the browser needs to verify that the certificate is legitimate and has been signed by a trusted certificate authority (CA). Here is a simplified overview of the process:

  1. The browser checks if the certificate presented by the server is valid: It verifies that the certificate has not expired, the domain name in the certificate matches the one in the URL, and the certificate is issued by a trusted CA.
  2. The browser checks if the certificate has been issued by a trusted CA: The browser has a list of trusted CAs that it uses to verify the certificate. If the CA that issued the certificate is not on this list, the browser will display an error message indicating that the connection is not secure.
  3. The browser verifies the signature of the certificate: The certificate contains a digital signature that has been created using the CA’s private key. The browser checks this signature using the CA’s public key, which is stored in the browser’s certificate store. If the signature is valid, the browser knows that the certificate was issued by the trusted CA.
  4. The browser establishes a secure connection: Once the certificate has been verified, the browser and server negotiate a session key to be used for encrypting the communication. This key is used to encrypt and decrypt data sent between the browser and server, ensuring that it cannot be intercepted by third parties.
  5. If all of the above checks pass, your browser displays a lock icon in the address bar and allows you to safely access the website using HTTPS.

In summary, your browser uses a combination of checks and verification processes to ensure that the TLS certificate presented by a web server is legitimate and has been signed by a trusted CA. This helps to protect your online security and privacy by encrypting your connection to the website and preventing attackers from intercepting or tampering with your data.

Alexander Yurishchev

Software Developer

2mo

a final brick in understanding TLS as such. Thanks)

Agron Xhuka

3mo

excellent, very helpful :)

sanjeewa priyanath

Software Engineer | Java | Spring boot | Angular | 3 years

3mo

clearly explained. Thank you

FAQs

How does your browser know that the TLS certificate presented by the web server is a legitimate one signed by a trusted CA? ›

The browser checks if the certificate has been issued by a trusted CA: The browser has a list of trusted CAs that it uses to verify the certificate. If the CA that issued the certificate is not on this list, the browser will display an error message indicating that the connection is not secure.

How are TLS certificates verified? ›

The browser attempts to verify the authenticity of the web server by requesting identifiable information. The web server sends the SSL/TLS certificate that contains a public key as a reply. The browser verifies the SSL/TLS certificate, ensuring that it is valid and matches the website domain.

How does a browser verify a server certificate? ›

The web server sends the browser or server a copy of its SSL certificate in response. The browser or server checks to see whether it trusts the SSL certificate. If it does, it signals this to the webserver. The web server then returns a digitally signed acknowledgment to start an SSL encrypted session.

How do I check my TLS certificate in browser? ›

Here's how to do it.
  1. Open Chrome Developer Tools. The quickest way there is with a keyboard shortcut: Ctrl + Shift + i or F12 on Windows and Linux, ⌘ + Option + i on Mac. ...
  2. Select the Security tab. If it is not shown, select the >>.
  3. Select View Certificate.

How does TLS work in browser? ›

TLS communications from the server include a message authentication code, or MAC, which is a digital signature confirming that the communication originated from the actual website. This authenticates the server, preventing on-path attacks and domain spoofing.

How do browsers trust a certificate? ›

Here is a simplified overview of the process: The browser checks if the certificate presented by the server is valid: It verifies that the certificate has not expired, the domain name in the certificate matches the one in the URL, and the certificate is issued by a trusted CA.

How TLS certificate is authenticated? ›

When a TLS connection is established the server provides a certificate that the client validates before trusting the server's identity. The server can also request the client to authenticate itself through a client certificate. The latter is referred to mutual TLS and sometimes even called client TLS.

How are website certificates verified? ›

When you type a URL or follow a link to a secure website, your browser will check the certificate for the following characteristics: The website address matches the address on the certificate. The certificate is signed by a certificate authority that the browser recognizes as a "trusted" authority.

How to verify a certificate is valid? ›

Chrome:
  1. Enter the URL of the website you want to check in your browser's address bar and press Enter.
  2. Click on the padlock icon in the address bar.
  3. Click on Connection is secure.
  4. Click on Certificate is valid to open the Certificate Viewer.
Oct 18, 2022

How does Chrome verify a certificate? ›

The Chrome Certificate Verifier applies standard processing to include checking:
  • the certificate's key usage and extended key usage are consistent with TLS use cases.
  • the certificate validity period is not in the past or future.

How to tell if a website is using TLS? ›

For Chrome
  1. Open the Developer Tools (Ctrl+Shift+I)
  2. Select the Security tab.
  3. Navigate to the WebAdmin or Cloud Client portal.
  4. Under Security, check the results for the section Connection to check which TLS protocol is used.
Sep 6, 2023

How to check TLS on webserver? ›

The easiest way to check the TLS version of a website is to use a TLS checker like https://www.ssllabs.com/ssltest. While Chrome no longer lets you check a website's TLS version in Developer Tools, the version is still easy to find in Firefox and Microsoft Edge.

How to check certificate original or fake online? ›

Here are some general steps you can take to check whether a certificate or degree or Diploma is original or fake:
  1. Contact the Institution.
  2. Check Online Databases.
  3. Request Transcript Sample.
  4. Contact the Registrar's Office.
  5. Check for Security Features.
  6. Use Professional Verification Services.
  7. Compare with Known Samples.

How to verify TLS certificate? ›

Most browsers display a padlock to show that your connection is secure and the site's TLS certificate is valid. To make sure you're securely connected to a website using HTTPS, check the following: The padlock is displayed: This indicates that the connection is secure.

How does the browser know to use HTTPS? ›

Specifically, your browser will verify whether: The website's SSL certificate was issued by a certificate authority on the browser's trusted list. (The browser uses the certificate authority's digital signature to instantly confirm that the certificate authority issued the website's certificate.)

What triggers TLS? ›

Tumor lysis syndrome (TLS) is an oncologic emergency that is caused by massive tumor cell lysis with the release of large amounts of potassium, phosphate, and nucleic acids into the systemic circulation.

How do I verify my TLS key? ›

Check that the certificate is allowed on the SSL server. Check that the root certificate authority (CA) is an SSL Server CA certificate. Ensure that the keys are owned by the dbadmin and that only the dbadmin can read the keys.

How do SSL certificates verify identity? ›

SSL certificate verification follows a specific process and involves several steps. Firstly, the browser checks if the SSL certificate is valid and has not expired. It then verifies the digital signature of the certificate using the public key of the certificate authority (CA) that issued it.

How is SSL certificate chain verified? ›

Regardless of the number, each certificate in the chain of trust is digitally signed and identified by the next one to verify the authenticity of the SSL certificate.

Article information

Author: Chrissy Homenick
