A Linux administrator is configuring a new web server to host a secure application. A new SSL/TLS certificate and a corresponding key pair have been generated. To secure the data in transit between clients and the server, the administrator must correctly configure the web server software. What is the fundamental role of the server's private key in establishing a TLS session?
It is used by the web server to encrypt the server's public certificate before presenting it to connecting clients.
It is installed on client systems to allow them to encrypt the initial session request sent to the server.
It must be sent to the Certificate Authority (CA) during the TLS handshake to validate that the server's public certificate is authentic.
It is used to decrypt data encrypted with the server's public key and to create digital signatures to prove the server's identity.
In a public key infrastructure (PKI) and TLS handshake, the server's private key has two primary functions. First, it is used to decrypt data that has been encrypted by a client using the server's corresponding public key (e.g., the pre-master secret in an RSA key exchange). Second, it is used to create a digital signature on parts of the handshake data, which proves to the client that the server is the legitimate owner of the public key and certificate. The private key must always be kept secret on the server.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does a private key differ from a public key in PKI?