TLS Handshake and the Chain of Trust

Run the TLS MicroSim Fullscreen

About This MicroSim

A six-step TLS 1.3 handshake animation with the certificate chain rendered below. Step through ClientHello → ServerHello → chain validation → key exchange → session key → encrypted data. Toggle MITM or force an expired certificate to see chain validation fail. Toggle attacker view to see what's actually on the wire.

Lesson Plan

Learning Objectives

By the end of this activity, students will be able to:

1. Describe the TLS handshake at a conceptual level
2. Explain how PKI's chain of trust prevents man-in-the-middle attacks
3. Predict what happens when a certificate is invalid

Related Resources

• Chapter 14: Security of Information Assets