How is a server certificate validated in SSL?

Let's say server S sends it's certificate to client C. What is the method used to validate that this certificate is authentic?

What are the steps carried out to ensure that this is indeed the certificate issue to server S by a CA ?

Solution

The server sends a digital signature over the handshake data, signed by the private key coresponding to the public key in the certificate. The client verifies the signature with the public key. That establishes that the server owns the private key.
The client attempts to establish a trust relationship between the CAs that it trusts and the IssuerDN chain of the certificate. If successful, that establishes that the chain of CAs all believe in the next one's identity all the way to the SubjectDN of the certificate.

So at this point we know that the server owns the private key implied by the certificate's public key, and that the owner of the certificate is who it says he is. So now we know who he is.

Send HTTP_1_1_REQUIRED from ASP.NET Core controller
Composer Curl error 60: SSL certificate problem: unable to get local issuer certificate
openssl how to check server name indication (SNI)
How to I deploy nextjs application in a production environment, using ssl?
TLS client without any server verification
How can I create a TLS/SSL connection to a mongodb instance on AWS with a certificate made by certificate manager? Health check failed
Is there a way to get the OpenSSL X509 certificate name that im sending to peer in C++?
pip always fails ssl verification
Trust Anchor not found for Android SSL Connection
How to add self-signed generated certificate to trusted certificates from inside a Java keystore?
How to force Laravel Project to use HTTPS for all routes?
Using Keycloak behind a reverse proxy: Could not open Admin loginpage because mixed Content
Python SSL default context not including TLS 1.1 or SSL 2 ciphers
How do I switch Docker containers with .NET Blazor applications from HTTP to HTTPS?
Creating self signed certificate for domain and subdomains - NET::ERR_CERT_COMMON_NAME_INVALID
javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
How to simulate non-SNI browsers (without SNI support)?
How to access phpmyadmin on DDEV Windows 10 pro localhost with SSL record too long error
cURL with SSL certificates fails: error 58 unable to set private key file
Specifying Arduino WiFiClientSecure Certificates
maxscale cannot find gtid_binlog_pos
FreeSWITCH TLS error in 'Client Hello' Request
ASP.NET Core Development Certificates - error exporting the HTTPS developer certificate
Get certificate's public key in the PKCS8 format
Why is Firefox not trusting my self-signed certificate?
Difference between pem, crt, key files
Is it a good idea to distribute docker image containing my selfsigned certificate?
PKIX path building failed: unable to find valid certification path to requested target on chaincode commit on Hyperledger Fabric production network
enable https jenkin server on ubuntu 24.04
OkHTTP (v3.0.0-RC1) Post Request with Parameters