I need to understand the basics of using CA root certs on the browser and what happens in the background to validate the cert.
1) If the browser has, say, for example, the public key for Verisign or Microsoft.com (root CA), then when I hit a site that has been issued a key from, say, Verisign, will the browser still need to go out and validate that the cert is valid by querying Verisign, or does it do this by looking at its local Verisign public key?
2) I have seen, or so I thought, instances where the client or server, even in server-to-server communication, attempts to go out and validate the cert being presented to it. When would it go out and validate the cert with the root CA and when would it NOT?
Any information would be highly appreciated including any good links.
Thank you,