an ssl client has determined that the certificate authority (ca) issuing a server's certificate is on its list of trusted cas. what is the next step in verifying the server's identity? answer the domain on the server certificate must match the ca's domain name. the ca's public key must validate the ca's digital signature on the server certificate. the master secret is generated from common key code. the post-master secret must initiate subsequent communication.