Overview
CertificateVerify describes a Step within the TLS Handshake process. The user-agent sends a digital signature that it computed over all previous handshake messages.
This is how the user-agent proves to the server that it really "owns" the Public Key which is encoded in the certificate it sent in the CertificateRequest.
Structure of this message:
    struct {
        Signature signature;
    } CertificateVerify;

    CertificateVerify.signature.md5_hash
        MD5(handshake_messages);

    Certificate.signature.sha_hash
        SHA(handshake_messages);
In TLS, the CertificateVerify step is where the user-agent sends the server a Digital Signature, computed with its Private Key over all previous handshake_messages. The signed input includes the type and length fields of each handshake message, starting at ClientHello and running up to, but not including, this CertificateVerify message. The signature is sent to the server in an unencrypted message.
In the next step, the user-agent sends the change_cipher_spec in an unencrypted message.
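
The signature input described above, worked through as an added example (not code from the original page or from any TLS implementation). It assumes an RSA client key signing the raw MD5 and SHA-1 pair with PKCS#1 block type 1, as TLS 1.0 does for RSA; the toy key, the abbreviated message bodies and all function names are constructed for illustration.

```python
import hashlib

# Handshake type codes from the TLS specification.
CLIENT_HELLO, SERVER_HELLO, CERTIFICATE, CERTIFICATE_VERIFY = 1, 2, 11, 15

def frame(msg_type: int, body: bytes) -> bytes:
    """Handshake header (1-byte type + 3-byte length) followed by the body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def verify_input(transcript) -> bytes:
    """MD5(handshake_messages) || SHA(handshake_messages): 16 + 20 bytes."""
    data = b"".join(transcript)  # headers included, exactly as sent
    return hashlib.md5(data).digest() + hashlib.sha1(data).digest()

# Toy RSA key built from two Mersenne primes: constructed for the demo, NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8       # modulus length in bytes

def pad(digest: bytes) -> int:
    """PKCS#1 v1.5 block type 1 over the raw 36-byte hash pair (no DigestInfo)."""
    block = b"\x00\x01" + b"\xff" * (K - 3 - len(digest)) + b"\x00" + digest
    return int.from_bytes(block, "big")

def client_sign(transcript) -> int:
    # Only the holder of D can produce this value.
    return pow(pad(verify_input(transcript)), D, N)

def server_verify(transcript, signature: int) -> bool:
    # The server recomputes the hashes from its own copy of the transcript.
    return pow(signature, E, N) == pad(verify_input(transcript))

def demo():
    transcript = [frame(CLIENT_HELLO, b"constructed client hello"),
                  frame(SERVER_HELLO, b"constructed server hello"),
                  frame(CERTIFICATE, b"constructed client cert")]
    sig = client_sign(transcript)
    # The CertificateVerify message carries the signature but is not part of its own input.
    cv = frame(CERTIFICATE_VERIFY, K.to_bytes(2, "big") + sig.to_bytes(K, "big"))
    ok = server_verify(transcript, sig)
    tampered = [frame(CLIENT_HELLO, b"constructed client hellO")] + transcript[1:]
    return ok, server_verify(tampered, sig), len(verify_input(transcript)), cv[0]

if __name__ == "__main__":
    print(demo())
```

Changing a single byte of any earlier handshake message makes the server's recomputed hashes differ, so the same signature no longer verifies.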