- used in asymmetric cryptography
- the public key and the private key are mathematically related
- what's encrypted with the public key can only be decrypted with the private key
- server generates a public/private key pair
- server sends its public key to the client in an SSL/TLS certificate (any website with an https address uses SSL/TLS)
- client uses the CA's certificate to verify that the server certificate is legit
2. trustStore vs. keyStore
- trustStore is normally on the client and stores the public keys (certificates) of trusted CAs
- client will encrypt messages with the server's public key
- keyStore is normally on the server side and stores the server's private key and public key (certificate) pair
- server uses its private key to decrypt client messages
- you can have both a trustStore and a keyStore on the client and on the server, if the client also needs to authenticate itself to the server
3. .crt file vs .key file
- crt file is the certificate, i.e. the public key plus identity information, signed by the CA
- key file is the private key
4. .p12 file vs .jks file
- p12 file holds both the private and the public key
- jks file holds both the private and the public key
- jks is specific to Java applications, while p12 (PKCS#12) is supported across different platforms
6. ssl certificate chain
- end user certificate
- intermediate certificates
- root certificate
- when installing the end user certificate, you must bundle all intermediate certificates and install them along with it
- the list of certificates, from root to end user, is the certificate chain
7. ca bundle
- ca bundle is a file that contains the root and intermediate certificates
- end user certificate + CA bundle = certificate chain
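The chain and CA bundle points above, as an added example that is not part of the original notes: it splits a PEM bundle into its certificate blocks, then orders an end user certificate and the bundle into a chain by following each certificate's issuer to the certificate with that subject, and reports the missing-intermediate case that the "you must bundle all intermediate certificates" rule guards against. The subject/issuer values and the bundle text are constructed for the example (real ones come from parsing each certificate, e.g. `openssl x509 -noout -subject -issuer`).

```python
"""Split a CA bundle and order end user + bundle into a certificate chain (added example)."""
import re

# Constructed metadata for this example: a leaf, an intermediate and a self-signed root.
END_USER_CERT = {"subject": "CN=www.example.com", "issuer": "CN=Example Intermediate CA"}
CA_BUNDLE = [
    {"subject": "CN=Example Root CA", "issuer": "CN=Example Root CA"},          # self-signed root
    {"subject": "CN=Example Intermediate CA", "issuer": "CN=Example Root CA"},  # intermediate
]

# Constructed bundle text with placeholder bodies; only the PEM framing is exercised here.
SAMPLE_BUNDLE_PEM = """\
-----BEGIN CERTIFICATE-----
PLACEHOLDERROOTCERTBASE64==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
PLACEHOLDERINTERMEDIATECERTBASE64==
-----END CERTIFICATE-----
"""

_PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)


def split_pem_blocks(bundle_text):
    """A CA bundle is just concatenated PEM certificates; return each block as one string."""
    return _PEM_BLOCK.findall(bundle_text)


class ChainError(Exception):
    pass


def build_chain(end_user_cert, ca_bundle):
    """Return [end user, intermediate(s)..., root] by following issuer -> subject links.

    Raises ChainError when an issuer is not in the bundle (the usual cause of an
    'unable to get local issuer certificate' error on the client) or when the links loop.
    Assumes subjects in the bundle are unique; cross-signed CAs would need a list per subject.
    """
    by_subject = {c["subject"]: c for c in ca_bundle}
    chain = [end_user_cert]
    seen = {end_user_cert["subject"]}
    current = end_user_cert
    while current["subject"] != current["issuer"]:  # stop at the self-signed root
        issuer = by_subject.get(current["issuer"])
        if issuer is None:
            raise ChainError(f"missing issuer certificate: {current['issuer']}")
        if issuer["subject"] in seen:
            raise ChainError("certificate loop detected")
        seen.add(issuer["subject"])
        chain.append(issuer)
        current = issuer
    return chain


def chain_error_for(end_user_cert, ca_bundle):
    """Convenience wrapper: the ChainError message, or None when the chain builds cleanly."""
    try:
        build_chain(end_user_cert, ca_bundle)
    except ChainError as err:
        return str(err)
    return None


def server_bundle_order(chain):
    """Subjects in the order a server should present them: leaf first, then intermediates.

    The root is left out because the client already holds it in its trust store.
    """
    return [c["subject"] for c in chain[:-1]]


if __name__ == "__main__":
    print("blocks in bundle:", len(split_pem_blocks(SAMPLE_BUNDLE_PEM)))
    chain = build_chain(END_USER_CERT, CA_BUNDLE)
    print("chain (leaf -> root):", [c["subject"] for c in chain])
    print("server should send:", server_bundle_order(chain))
    print("with the intermediate missing:", chain_error_for(END_USER_CERT, CA_BUNDLE[:1]))
```

Running the script with only the root in the bundle reproduces the misconfiguration the notes warn about: the leaf's issuer cannot be found, so a client with only the root in its trustStore cannot complete the chain.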
8. 2-way authentication (see link)
9. get certificate from browser
10. how to add cert file to java truststore
11. cors
- a page on domain 1 is not allowed by the browser to call the domain 2 api (access domain 2 assets) unless the domain 2 api sets the correct Access-Control-Allow-* headers
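The CORS rule above as an added example (not code from the original notes): the domain 2 api computes its Access-Control-Allow-* headers from an explicit origin allow-list, handles the preflight case, and for contrast shows the weak variant that reflects any Origin together with credentials. The allow-list entries and request headers are constructed for the example; `cors_headers` and `cors_headers_reflecting` are names chosen here.

```python
"""Access-Control-Allow-* headers from an origin allow-list (added example)."""
from urllib.parse import urlsplit

# Constructed allow-list: exact origins (scheme://host[:port]) that may read domain 2's api responses.
ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}


def normalize_origin(origin):
    """Return scheme://host[:port] in lower case, or None if the value is not a well-formed origin.

    'null', bare hostnames and values carrying a path are rejected rather than matched.
    """
    parts = urlsplit(origin)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    if parts.path or parts.query or parts.fragment:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def cors_headers(request_headers, allowed_origins=ALLOWED_ORIGINS):
    """Headers the domain 2 api adds for one request.

    Returns {} when there is no Origin (same-origin or non-browser client) or the origin is not
    on the allow-list, so the browser blocks the cross-origin read.
    """
    origin = request_headers.get("Origin")
    if origin is None:
        return {}
    normalized = normalize_origin(origin)
    if normalized is None or normalized not in allowed_origins:
        return {}
    headers = {
        "Access-Control-Allow-Origin": normalized,  # the one matched origin, never "*" with credentials
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",  # caches must not hand one origin's answer to another
    }
    if request_headers.get("Access-Control-Request-Method"):  # preflight (OPTIONS) request
        headers["Access-Control-Allow-Methods"] = "GET, POST, PUT, DELETE"
        headers["Access-Control-Allow-Headers"] = request_headers.get(
            "Access-Control-Request-Headers", "Content-Type")
        headers["Access-Control-Max-Age"] = "600"
    return headers


def cors_headers_reflecting(request_headers):
    """Weak variant for contrast: echo whatever Origin arrives and allow credentials.

    With this, any site a logged-in user visits can read domain 2's authenticated responses.
    """
    origin = request_headers.get("Origin")
    if origin is None:
        return {}
    return {"Access-Control-Allow-Origin": origin, "Access-Control-Allow-Credentials": "true"}


if __name__ == "__main__":
    for hdrs in ({"Origin": "https://app.example.com"},
                 {"Origin": "https://app.example.com", "Access-Control-Request-Method": "PUT"},
                 {"Origin": "https://app.example.com.evil.example"},
                 {}):
        print(hdrs, "->", cors_headers(hdrs))
```

Matching is on the exact origin, so "https://app.example.com.evil.example" and an origin with a different port both get an empty header set; the allow-list must spell out every origin, including a non-default port, that is meant to call the api.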
- public key is stored on the ssh server
- private key is stored on the ssh client
reference