Turn from: http://www.jianshu.com/p/0a7b028e2465
1. Who is configured one-way or two-way.
Configured by Server container
One-way certification process:
1. Client Say hello service side
2. The service side sends the certificate, the public key and so on to the client
3. Client CA authentication certificate, successful continuation, unsuccessful pop-up selection page
4. Client tells the server to support the encryption algorithm
5. Server-side Select the highest level encryption algorithm to notify the client explicitly
6. Client generated random symmetric key keys, using the service-side public key encryption sent to the server
7. The service end uses the private key decryption, obtains the symmetric key keys
8. Subsequent client and server use the key keys for encrypted communication
Two-way certification process:
1. Client Say hello service side
2. The service side sends the certificate, the public key and so on to the client
3. Client CA authentication certificate, successful continuation, unsuccessful pop-up selection page
4. The client sends its own certificate and public key to the server
5. Server-side authentication client certificates, such as not by direct disconnect
6. Client tells the server to support the encryption algorithm
7. Server-side selection of the highest level encryption algorithm to use the client's public key encryption sent to the client
8. Client received after the use of the private key to decrypt and generate a random symmetric key keys, using the service-side public key encryption sent to the server
9. The service end uses the private key decryption, obtains the symmetric key keys
10. Subsequent client and server use the key keys for encrypted communication
Reference: http://blog.csdn.net/duanbokan/article/details/50847612