Which of the following is NOT true about SSL certificates?

Question $13$ options:

Web server uses its private key to decrypt the session key sent from the browser

Web server must have an SSL certificate that contains the public key for the RSA encryption

The client browser uses its private key to encrypt a session key and send it to Web server

Web server must have the private key associated with that certificate