Certificate and private key for thing

embeddedx wrote on September 22, 2019:

During TLS handshaking the client receives the server certificate and verifies it.
1- How does the client (thing) verify the certificate?
2- The thing has a certificate and a private key embedded in the configuration; does the client
pass its certificate also? What is the use of the private key?
3- If we can extract the public key from the certificate, why do we have a separate public key?

If there is a detailed reference about this stuff, that would be very helpful.


Gaurav-Aggarwal-AWS wrote on September 24, 2019:

No, because they won’t have the private key corresponding to the Amazon certificate. When someone presents a certificate, a challenge-response mechanism is used to ensure that the entity also has the corresponding private key. In this case, the impersonator will fail to prove possession of the private key, leading to authentication failure.
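
Added example (not from this thread and not AWS or FreeRTOS code) of the challenge-response check described in the answer above: a certificate is public and can be copied, but only the holder of the matching private key can answer a fresh challenge. Assumptions: Ed25519 keys, a self-signed certificate, and the hypothetical names `newIdentity` and `provesPossession`; TLS itself signs the handshake transcript rather than a bare nonce, and chain validation is left out.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newIdentity (hypothetical helper): private key plus a self-signed certificate for its public half.
func newIdentity(cn string) (ed25519.PrivateKey, []byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return priv, der, err
}

// provesPossession plays both sides: the verifier picks a fresh challenge, the presenter
// signs it, and the verifier checks it with the public key read from the certificate.
func provesPossession(certDER []byte, presenterKey ed25519.PrivateKey) (bool, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return false, err
	}
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	if !ok || len(presenterKey) != ed25519.PrivateKeySize {
		return false, fmt.Errorf("need an Ed25519 certificate and private key")
	}
	challenge := make([]byte, 32) // verifier's nonce, new for every attempt
	if _, err := rand.Read(challenge); err != nil {
		return false, err
	}
	sig := ed25519.Sign(presenterKey, challenge) // presenter's response
	return ed25519.Verify(pub, challenge, sig), nil
}

func main() {
	ownerKey, cert, _ := newIdentity("constructed-owner") // constructed sample identities
	otherKey, _, _ := newIdentity("constructed-impersonator")
	owner, _ := provesPossession(cert, ownerKey)
	impostor, _ := provesPossession(cert, otherKey)
	fmt.Println("owner:", owner, "| copied certificate, different key:", impostor)
}
```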