!!! Overview
[{$pagename}] describes a Step within the [TLS Handshake] process.

The [user-agent] sends a digital signature computed by the [user-agent] over all previous handshake messages. 

%%information
The [{$pagename}] message is ONLY sent when the server requested a [user-agent] certificate that has signing capability (i.e. all [certificates] except those containing fixed Diffie-Hellman parameters) and the [user-agent] complied.
%%
When sent, it will immediately follow the [ClientKeyExchange].

This is how the [user-agent] proves to the server that it really "owns" the [Public Key] which is encoded in the certificate it sent in the [CertificateRequest].

Structure of this message:
%%prettify 
{{{
struct {
    Signature signature;
} CertificateVerify;

CertificateVerify.signature.md5_hash
    MD5(handshake_messages);

Certificate.signature.sha_hash
    SHA(handshake_messages);
}}} /%

In [TLS] the [{$pagename}] process is where the [user-agent] sends the [Digital Signature] computed by the [user-agent] using its [Private Key] over all previous handshake_messagess, including the type and length fields of the handshake_messagess, starting at [ClientHello] up to but not including this [{$pagename}] message to the server in an unencrypted message.

The Next Step the [user-agent] sends  the [change_cipher_spec] in an unencrypted message.

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]