Tags: ssl, encryption, digital-certificate

Does the server need a copy of CA certificate in PKI?


As I understand the working of digital certificates:
1. The server generates a public and private key.
2. It then generates a CSR and submits it to the CA.
3. The CA signs it with its private key and returns the certificate to the server.

While sending data to the server:
1. Encrypt the data using the server's public key and transmit. Only the server will be able to decrypt it, as it has the private key.

While downloading data from the server:
1. The server encrypts the data using its private key. It transmits the certificate and the data.
2. The user decrypts the certificate using the CA's public key.
3. Then decrypts the data using the public key obtained from the decrypted certificate.

I think what the server needs is only the private key and the certificate issued by the CA. What the client needs is the CA's public key. What I don't understand is that the server config also has an option for specifying a CA cert file path. Will this ever be used if we are talking about server-only security, i.e. the client is not using its own keys? Is that a mandatory parameter for server config with SSL/TLS?

I hope I am making sense


Solution

    While sending data to server:
    1. Encrypt the data using server's public key and transmit. Only server will be able to decrypt it as it has the private key

    While downloading data from server:
    1. The server encrypts the data using its private key. It transmits the certificate and the data.
    2. User decrypts the certificate using CA's public key.
    3. Then decrypts the data using the public key obtained from decrypted certificate.

That's completely wrong (remember, you don't actually encrypt with a private key). That's not at all how SSL works. A new symmetric key is generated for the encryption, per session. See this question for more details.

The CA certificate is used as a trust anchor to verify the identity of the remote party.

Strictly speaking, the server itself doesn't need to have a copy of the CA used to sign its own certificate, since it's up to the remote party (the client) to have it as a trust anchor (i.e. something it already trusts).

Nevertheless, it can send the CA certificate as part of its server chain. It is in fact recommended to do so if the CA certificate is itself signed using another CA certificate up the chain. Doing so increases the chances of being authenticated by the remote party.

Servers generally can have options to specify the CA cert for two reasons (depending on what the option is):

  • Presenting their own certificate chain (i.e. with intermediate CA certificates).
  • Verifying the client certificate when used (in this case the server has its own trust anchors that let it verify the remote certificate, which is the client certificate).
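As an added example (not part of the original answer), the following script uses the openssl CLI to build a throwaway root -> intermediate -> server-leaf PKI and then checks what a client that trusts only the root does when the server presents its leaf alone versus leaf plus intermediate. Every name and file in it (Example Root CA, www.example.test, root.pem, inter.pem, server.pem) is constructed for the demo, and it assumes the openssl binary is on PATH.

```shell
#!/bin/sh
# Added example, not from the original answer: build a throwaway root ->
# intermediate -> server-leaf PKI with the openssl CLI, then check what a
# client that trusts ONLY the root accepts. All names/files are constructed.
set -eu
WORK="$(mktemp -d)"; cd "$WORK"

# Minimal config supplying the extensions for CA and leaf certificates.
cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:www.example.test
EOF
Q="-nodes -newkey rsa:2048"   # unencrypted keys are fine for a throwaway demo

# 1. Root CA, self-signed: the only thing the CLIENT needs as a trust anchor.
openssl req -x509 $Q -days 1 -subj "/CN=Example Root CA" -config pki.cnf \
  -extensions v3_ca -keyout root.key -out root.pem 2>/dev/null
# 2. Intermediate CA, signed by the root.
openssl req -new $Q -subj "/CN=Example Intermediate CA" -config pki.cnf \
  -keyout inter.key -out inter.csr 2>/dev/null
openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -CAcreateserial \
  -days 1 -extfile pki.cnf -extensions v3_ca -out inter.pem 2>/dev/null
# 3. Server: makes its own key + CSR (steps 1-2 of the question); the
#    intermediate CA signs it. The server keeps server.key and server.pem.
openssl req -new $Q -subj "/CN=www.example.test" -config pki.cnf \
  -keyout server.key -out server.csr 2>/dev/null
openssl x509 -req -in server.csr -CA inter.pem -CAkey inter.key -CAcreateserial \
  -days 1 -extfile pki.cnf -extensions v3_leaf -out server.pem 2>/dev/null

# Client-side check: root.pem is the trust anchor; whatever the server sends
# (leaf $1 and, optionally, intermediate $2) is untrusted input to be chained.
client_accepts() {
  if [ -n "${2:-}" ]; then
    openssl verify -CAfile root.pem -untrusted "$2" "$1" >/dev/null 2>&1
  else
    openssl verify -CAfile root.pem "$1" >/dev/null 2>&1
  fi
}
# Leaf alone fails (no path to the root); leaf + intermediate succeeds. That is
# the first reason a server config has a "CA cert" option at all.
client_accepts server.pem && echo "leaf alone: accepted" || echo "leaf alone: rejected"
client_accepts server.pem inter.pem && echo "leaf + intermediate: accepted"
```

The `-CAfile root.pem` inside client_accepts is exactly the trust-anchor role the answer describes; the same kind of option on the server side only comes into play for the second reason, verifying client certificates against the server's own trust anchors.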