Update Getting-Started-with-Akka-http-signature.md

Getting-Started-with-Akka-http-signature.md

@@ -102,11 +102,11 @@ publ: scala.util.Try[java.security.PublicKey] = Success(
 ```
 The .readPublicKeyFrom() function returns a Try of Public/Private key depending on whether the String given can be parsed back to some valid key. If the operation is successful the value of the original key is assigned to the new value in BigInt format.
 
-The user can then save his keys on his local filesystem by using the following ammonite commands:
+The user can then save his keys on his local filesystem within a .keys directory which we will make use of later in the guide by using the following ammonite commands:
 
 ```scala
-write(wd/"publicKey.pem", RSAKeys.save(pub))
-write(wd/"privateKey.pem", RSAKeys.save(priv))
+write(wd/".keys"/"publicKey.pem", RSAKeys.save(pub))
+write(wd/".keys"/"privateKey.pem", RSAKeys.save(priv))
 ```
 This will save the contents of the key in String format within the file found by following the specified path in .pem files.
 
@@ -329,4 +329,19 @@ could not find actor for Actor[akka://rww/user/rootContainer/card]rww.ldp.LDPExc
         at scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)
         at scala.concurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)
 ```
+## Certificate Authority
+
+We have now shown how to use public and private keys to verify the identity of the user. But often we also want to let the user be able to confirm the identity of the server they are connecting to as well. This can be done through Certificate Authority. The user can view this on the rww-play server as it makes a CA for the locally hosted server.
+
+In order to test whether this functionality works, one first has to save rww-play's certificate locally by using the following command after the server has been run: 
+
+```bash
+$ keytool -printcert -sslserver localhost:8443 -rfc > ~/.keys/localhost_8443.crt
+```
+In the real world there tends to be a constant communication between the server and its clients so one doesn't have to retrieve the Certificate manually but for the purpose of this guide we will get that certificate in bash and store it in a file.
+
+The above command will retrieve the certificate and store it in a .crt file within the .keys directory, located in the current home directory for the user's system. For more information on SSL, one can refer to the [Quick start to WS SSL guide](http://typesafehub.github.io/ssl-config/WSQuickStart.html#obtain-the-root-ca-certificate).
+
+After that, the user can run the getTest script from within ammonite in order to verify the identity of the local server.
+
 ***