1. pre-installed certificate authorities
2. ssl/tls encription
ssl/tls handshake flow:
1. exchange digital certificate
2. generate shared secret key:
SSL and TLS use a combination of symmetric and asymmetric encryption to ensure message privacy. During the SSL or TLS handshake, the SSL or TLS client and server agree an encryption algorithm and a shared secret key to be used for one session only. All messages transmitted between the SSL or TLS client and server are encrypted using that algorithm and key, ensuring that the message remains private even if it is intercepted. SSL supports a wide range of cryptographic algorithms. Because SSL and TLS use asymmetric encryption when transporting the shared secret key, there is no key distribution problem.
After the shared secret key generated, SSL/TLS uses the shared secret key for the symmetric encryption in later communication.
basic concept:
1. digital signature: encrypted with privated key
2. certificate: public key of the subject
3. MAC: MEssage Authentication Code
4. certificate chain
原文:http://www.cnblogs.com/lynnge/p/5464662.html