In last article, we know the role of clients and their responsibilities for certificate verification. Finally, let's talk about websites. We've discussed many potential issues between CAs and clients concerning certificates, but the most frequent issue is with websites—many websites have faced this problem: certificate expiration.Websites need to ensure two things:Ensure their certificate does not expire.Protect their private key from being leaked. If someone else obtains the private key, the certificate loses its meaning of “only I can prove who I am.” When requesting a...

 Finally, in last article we’ve covered the responsibilities of CAs, showing that being a CA isn’t simple and has high management costs, explaining why issuing certificates costs money! This article we will cover the client in this chain.Verifying Certificates as a ClientFor clients, verifying certificates isn’t simple either. Articles introducing TLS handshakes often mention "the server sends back a certificate, and the client verifies it," but in reality, as we’ve seen, the server sends back multiple certificates!This can be confirmed by packet capture:...