I was watching a tutorial video related to AD FS in Windows 2012.
When setting up a trust relationship between two AD FS servers, I'm not quite understanding how SSL/TLS works in terms of private/public keys. Maybe it would be the same situation between a website and the users accessing it.
I've read various articles related to SSL online, but it's still not clear to me how SSL works.
My understanding of the encryption of SSL traffic between a website and users:
The server has a private key and keeps it in its key store.
Then, the server distributes its public key to users, and users download the public key when accessing the site through a web browser.
Then, the user's computer encrypts data using the public key and sends it to the web server.
Then, the web server decrypts the data using its private key.
At this stage, the traffic is secured. A man in the middle can't decrypt the data on the path.
But when the web server sends data to the user's computer, how is that traffic secured?
The web server encrypts data using its private key and sends the data to the user's computer.
Since public keys are distributed to anyone, a man in the middle can grab the public key and decrypt the data???
I guess the situation is the same between AD FS servers. If there are multiple AD FS trusts, multiple trust partners have the same public key. How is traffic from a private key holder to a public key holder secured?
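The following Go program is an added example, not part of the original question or any Microsoft/AD FS code. It models the piece the question is missing: the server's public key is used only once per session, to protect a fresh random session key that the client picks (here wrapped with RSA-OAEP; modern TLS derives that shared secret with an (EC)DHE key agreement instead, but the principle is identical). Application data in both directions is then protected with a symmetric cipher (AES-256-GCM) under that session key, so neither the public nor the private key ever "encrypts the response". The example also shows that what is loosely called "encrypting with the private key" is signing: holders of the public key can verify the server's signature but learn nothing secret. To mirror the AD FS case, two trust partners A and B hold the same public key; B cannot open A's traffic because each partner negotiated its own session key. The partner names, message strings and the 2048-bit key size are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// WrapSessionKey is the client's step: pick a fresh random 256-bit session key and
// encrypt (wrap) it with the server's public key. Application data never goes through RSA.
func WrapSessionKey(pub *rsa.PublicKey) (sessionKey, wrapped []byte, err error) {
	sessionKey = make([]byte, 32)
	if _, err = rand.Read(sessionKey); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
	return sessionKey, wrapped, err
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal and Open protect application data in BOTH directions with the shared symmetric
// session key (AES-256-GCM); the RSA keys play no part from here on.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil // nonce is prepended to the ciphertext
}

func Open(key, ciphertext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(ciphertext) < n {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, ciphertext[:n], ciphertext[n:], nil)
}

// "Encrypting with the private key" is really signing: the public key lets anyone
// VERIFY that the server produced the bytes, and verifying reveals nothing secret.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
}

func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil) == nil
}

// RunExchange models one server and two trust partners, A and B, that hold the same public
// key. It reports whether A's session works in both directions and whether B (public key
// plus its own session key) is kept out of A's traffic while still able to verify signatures.
func RunExchange() (roundTripOK, partnerBlocked bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // server's long-term key pair
	if err != nil {
		return false, false, err
	}
	keyA, wrappedA, errA := WrapSessionKey(&priv.PublicKey)
	// Only the private key can unwrap; the server now shares keyA with A and nobody else.
	srvKeyA, errS := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrappedA, nil)
	keyB, _, errB := WrapSessionKey(&priv.PublicKey) // B's own, unrelated session key
	if errA != nil || errS != nil || errB != nil {
		return false, false, fmt.Errorf("key exchange failed: %v / %v / %v", errA, errS, errB)
	}
	req, resp := []byte("request from partner A"), []byte("response to partner A")
	c2s, _ := Seal(keyA, req) // A -> server
	gotReq, e1 := Open(srvKeyA, c2s)
	s2c, _ := Seal(srvKeyA, resp) // server -> A, under the same session key
	gotResp, e2 := Open(keyA, s2c)
	roundTripOK = e1 == nil && e2 == nil && bytes.Equal(gotReq, req) && bytes.Equal(gotResp, resp)
	_, eB := Open(keyB, s2c) // B lacks keyA: GCM authentication fails, nothing is decrypted
	sig, _ := Sign(priv, s2c)
	partnerBlocked = eB != nil && Verify(&priv.PublicKey, s2c, sig)
	return roundTripOK, partnerBlocked, nil
}

func main() {
	ok, blocked, err := RunExchange()
	fmt.Println("A round trip ok:", ok, "| B kept out of A's traffic:", blocked, "| err:", err)
}
```

Run it with `go run .`; the first line of output should report the round trip as ok and partner B as blocked. The design point to take away: the asymmetric key pair answers "am I really talking to this server, and can I hand it a secret only it can read?", while confidentiality of the actual traffic, in both directions and for every partner separately, comes from the per-session symmetric key. Sharing one public key among many trust partners therefore does not let them read each other's sessions.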