The approaches described in this section could be pursued but are not necessarily approaches that have previously been conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
Security is an important aspect of network communications. User terminals used by an end user to access services provided over a network often communicate to servers over secure communication sessions. The secure communication sessions may be encrypted by using server security certificates, particularly genuine security certificates issued and signed by certification authorities (CA). However, despite the user terminal receiving a properly signed server security certificate, there is often no indication that the server security certificate received from the server is directly related to the server with which the user terminal is attempting to communicate. Conventionally, a private network associated with the user terminal may have a network device, such as a router or a switch, responsible for intercepting the server security certificate and providing the server security certificate via the secure communication session to the user terminal, as if the user terminal received the server security certificate from the server. However, although the network device may intercept the secure communication session between the user terminal and the server to check the validity of the server security certificate, the network device cannot validate the direct relationship between the server security certificate and the server through a means other than the secure communication session.
Furthermore, in a private data network of an organization, such as a company network or a government network, the organization may have corporate security policies to guard against fraud, theft, and privacy and to comply with applicable regulations and laws. The organization may deploy a network security gateway to intercept communication sessions between internal computing devices and untrusted external computing devices. The network security gateway can inspect the communication sessions to ensure that predetermined organization security policies are followed. In such a scenario, it is possible to replace a server security certificate by a server security certificate generated by the network security gateway. However, as such security inspection is legitimate in the private data network of the organization, the network security gateway may need to assure the internal computing device that the replaced server security certificate is also legitimate.