Establishing a Secure Session

Upon establishing a preliminary connection with a target server, the Z and I Emulator for Windows client is presented a certificate by that server; if you have enabled client certificate authentication, your certificate is likewise presented to the server. The digital signature of the CA is authenticated using a published root certificate of the issuing CA. The client automatically decrypts certain information on the presented certificate using a public key on the CA's root certificate. This step is successful only when the presented certificate was encrypted using a well-guarded, unique, and corresponding private key, known only to the CA. This process can detect (and reject) intentional alterations (forgeries) and the rare garbling that can occur over data circuits.

Z and I Emulator for Windows also allows users to use self-signed certificates for this purpose.
Note:

Once this certificate-issuer authentication step succeeds, the client and server negotiate to agree on an encryption key to be used during the ensuing data exchange session.