CA Client Verification Process
The client verifies the certificate by decrypting the hash value in the signature with the CA's public key and comparing it to the hash value it calculates itself over the certificate contents.
This ensures:
- The signer cannot deny their actions, as only the private key holder can sign.
- The signed content cannot be altered; any modification will cause the verification to fail.
Thus, after the CA signs the certificate, no part of the certificate can be modified without the verification failing, including CA:FALSE and the validity period. An expired certificate must be re-signed; simply changing the date to extend its use is not possible.
Many people mistakenly believe that certificate issuance involves the CA signing with its certificate. In reality, the CA only uses its private key to append an encrypted hash value to the original certificate.
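The sign-then-verify flow described above, as an added example that is not from the original page. It assumes a toy textbook-RSA key built from two known Mersenne primes and a simplified key=value certificate body in place of DER; the names ca_sign, client_verify and tampered are hypothetical, and real CAs use randomly generated keys with PKCS#1 v1.5 or PSS padding.

```python
import hashlib

# Toy CA key pair from two known Mersenne primes (constructed for the demo,
# not secure: the primes are public and no padding is applied).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # CA public key (modulus, exponent)
D = pow(E, -1, (P - 1) * (Q - 1))      # CA private exponent

def tbs_digest(fields):
    """Hash the certificate body; sorted key=value lines stand in for DER."""
    body = "\n".join(f"{k}={fields[k]}" for k in sorted(fields)).encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big")

def ca_sign(fields):
    """CA side: apply the private key to the hash and append the result."""
    return {"tbs": dict(fields), "sig": pow(tbs_digest(fields), D, N)}

def client_verify(cert):
    """Client side: recover the hash with the CA public key, then compare it
    with the hash computed over the certificate as received."""
    return pow(cert["sig"], E, N) == tbs_digest(cert["tbs"])

def tampered(cert, field, value):
    """Copy of cert with one field changed and the original signature kept."""
    return {"tbs": {**cert["tbs"], field: value}, "sig": cert["sig"]}

# Constructed sample certificate body (assumed field names and values).
cert = ca_sign({
    "subject": "CN=www.example.test",
    "basicConstraints": "CA:FALSE",
    "notBefore": "2024-01-01",
    "notAfter": "2025-01-01",
})

if __name__ == "__main__":
    print("as issued:        ", client_verify(cert))
    print("notAfter extended:", client_verify(tampered(cert, "notAfter", "2035-01-01")))
    print("CA:FALSE -> TRUE: ", client_verify(tampered(cert, "basicConstraints", "CA:TRUE")))
```

Only ca_sign touches D; the client needs nothing beyond N and E, which is why the CA's certificate itself plays no part in producing the signature.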
Reference
All I Know About Certificates — Certificate Authority | PixelsTech