|Posted by:||amsical (amsic…@discussions.microsoft.com)|
|Date:||Sat, 8 Sep 2007|
SSL can be used in the following 2 situations:
1. Where Server and Client know each other
2. Where Server and Client does not know each other e.g. secure public sites
In the first scenario above, Server will have Server Certificate and Client
will have Client Certificate. Server will encrypt a message using Client's
public key and Client will encrypt a message using Server's public key. Each
will use their own Private key to decrypt the same.
Now, in the second scenario above, Server will have Server Certificate but
Client will not have Client Certificate. Client can encrypt a message using
Server's public key. But how the Server will send the encrypted message in
absence of no Client Certificate? or is it that a temporary public-private
key is provided to the client?