TLS Certificates
With asymmetric encryption we got a key pair: a private key and a public key. TLS works the same way: you get a private key and a certificate. The private key is used on the server side and the certificate is what's made public.
The private key is used server-side to encrypt information during the TLS negotiation (the handshake). If the private key is compromised, that's a big problem: all traffic sent between the remote server and the HTTP clients visiting the website could be intercepted and decrypted.
The certificate is public, however. In fact, it's available right inside your browser, look:
That's the TLS certificate for Wikipedia. We can see it was issued by a "Root Certificate Authority" (root CA) called DigiCert. That's something we'll cover later: root CAs and signing certificates.
Your browser will use that certificate to validate the identity of the remote web server and exchange a secret key for the symmetric algorithm.
We'll cover certificates in more detail further down the line.
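The private key and certificate pair described above can be reproduced locally with the `openssl` CLI. The following is an added example, not part of the original page: it creates a throwaway self-signed pair (the name `demo.example` and the file names are constructed) and checks that the certificate carries the public half of the private key, which is the check to run before deploying a certificate next to a key.

```shell
#!/usr/bin/env bash
# Added example: demo.example and the file names are constructed values.
set -e

# Create a private key plus a self-signed certificate in directory $1.
make_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.example" \
    -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
  chmod 600 "$1/server.key"   # the private key never leaves the server
}

# SHA-256 of the public key derived from a private key file.
key_pub_fp() {
  openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 of the public key embedded in a certificate file.
cert_pub_fp() {
  openssl x509 -in "$1" -noout -pubkey |
    openssl pkey -pubin -pubout -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# True only if the certificate carries the public half of this private key.
pair_matches() {
  k=$(key_pub_fp "$1")
  [ -n "$k" ] && [ "$k" = "$(cert_pub_fp "$2")" ]
}

dir=$(mktemp -d)
trap 'rm -rf "$dir"' EXIT
make_pair "$dir"
# Self-signed, so issuer equals subject; a CA-issued cert names the CA here.
openssl x509 -in "$dir/server.crt" -noout -subject -issuer
if pair_matches "$dir/server.key" "$dir/server.crt"; then
  echo "certificate matches private key"
fi
```

Only `server.crt` is meant to be handed out; `server.key` stays on the server with restrictive permissions.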