6
During the exchange of information on TLS Handshake, the server sends a public key along with the certificate. The server also sends a second public key (Server Key Exchange) if the customer accepts the certificate.
If the server has already sent a public key along with the certificate, what is the need for a second public key?
1
As @Inkeliz has already mentioned, the point is that the certificate sent by the server is actually not a certificate, but a chain of certificates. The certificate itself is not signed directly by the certifying agency, but by an intermediary agency. However, the browser only knows the certification agencies, so it is necessary to create a chain from public keys to the signature of the root certifier.
If you need more details, there is this IBM article, which explains in more detail the security process of the TSL.
Browser other questions tagged https tls
You are not signed in. Login or sign up in order to post.
I believe the public key is to perform DH, either over ECDH or using X25519. Another option is because the certificate contains other certificates, such as the intermediary, and the client may only be aware of the authority, not the intermediaries or sub-CA.
– Inkeliz