Why should we give PRIVATE key in setKeyAndChain service?

devi1 · July 16, 2012, 12:11am

Hi All,

In SSL handshake, SSL server will send its digital certificate that contains its public key.

Optionally server can request the client certificate from client.

Client will send its public key digital certificate & CA certificate to the server.

Doubt:

Assume IS is going to invoke services in two more servers called A and B.

“A” will accept the default certificates of the IS.

But B will accept the certificate that is signed by their own CA.

So before invoking the B server service, we will invoke the setKeyAndChain service and we will mention the absolute path of PRIVATE key. (This is what mentioned in the IS Admin pdf)

Doubt is when we used to setKeyAndChain service why we are sending the PRIVATE key.

In case if I misunderstood something here then please help me to understand.

Thanks
Devi

Tong_Wang · July 16, 2012, 7:45pm

The private key won’t be sent to the other side.
During SSL handshake, your public key will be sent to the other side. The other side will use it to encrypt session key. Once your system received the encrypted message, it will use your private key to decrypt the message.
Without private key you won’t able to finish the handshake.