Forum Discussion
janholtz
Sep 18, 2016Altostratus
The certificate provides an algorithm to ENCRYPT the traffic, with an assurance that the traffic can only be DECRYPTED by the holder of the private key.
You are effectively handing out padlocks to anyone that asks for it (and that padlock has a signature on it that tells the user that it was sourced from a trusted entity).
The client trusts that the person handing out the padlocks is the same one that has the key to unlock it.
BR Sproggg