Before data can be sent across an SSL connection, the two ends must negotiate and exchange key information. This is called the handshake protocol. We won't go into much detail about the handshake protocol here, because it isn't necessary for our purposes. For our purposes, you need to know that the handshake involves the following steps:

1. The server sends its certificate to the client and the client verifies the server certificate.
   
   
2. The client sends its certificate to the server and the server verifies the client certificate.
   
   
3. The client encrypts password information with the server's public key and sends it to the server. This password information is used by each end of the connection to generate identical secret keys, which will then be used to transmit data.

Client authentication (Step 2) is optional: the server can request that the client provide its certificate, but it is not required to make such a request. We will be using client authentication in our example.

Now that you have a basic understanding of the infrastructure of JCA and JSSE under your belt, we can move on to the more active part of the tutorial: working with a live example.