About

Certificate-based authentication is an asymmetric authentication method that verifies an identity by validating a certificate.

A signed certificate is presented to the application (server or client), which verifies it against a list of authorized Certificate Authorities (CAs). If the certificate is valid, the server or client is authenticated.

Both the server and the client certificate are validated during the SSL handshake.

Flow

Server authentication is mandatory in SSL, while client authentication is optional.

Server Authentication

To enable SSL on a server (and on any protocol built on it, such as HTTPS), the server must present a digital certificate; this is known as server authentication.

For more information, see the dedicated page: How to enable SSL on a server (ie HTTPS on a web server) ?

Client Authentication

Client certificate authentication uses the same mechanism but the other way around.

  • The client authenticates itself to the server by sending a digital certificate signed by a CA that is in the server's list of trusted CAs
  • The server verifies the certificate against that list

Because every client holding a valid certificate can log in, keep a list of the certificates that are currently valid so that a certificate can be revoked later.
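As an added example (not code from the original page), the two server-side checks described above done with the openssl command line: chain validation against the trusted CA, then a lookup in the server's list of currently valid certificates, so that removing a fingerprint from that list revokes the client. The CA and client names (trusted-ca, rogue-ca, alice, mallory) are made up, and it assumes openssl is on PATH.

```shell
#!/bin/sh
# Added example, not from the original page: what a server does with a client certificate,
# done with the openssl CLI. Assumes openssl is on PATH; CA and client names are made up.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Self-signed CA certificate and key named $1 (this CA will be the "trusted CA").
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Client certificate for $1: a CSR signed with the key of CA $2.
make_client_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.crt" -CAkey "$WORK/$2.key" \
    -CAcreateserial -days 1 -out "$WORK/$1.crt" 2>/dev/null
}

# SHA-256 fingerprint of certificate $1: the key used in the list of valid certificates.
fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# Server-side decision for a presented certificate $1: its chain must end in the trusted
# CA $2 and its fingerprint must still be in the list of valid certificates $3.
# Prints "accepted" or "rejected".
check_client_cert() {
  if ! openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
    echo rejected; return 0      # not signed by an authorized CA
  fi
  if ! grep -qx "$(fingerprint "$1")" "$3"; then
    echo rejected; return 0      # signature fine, but revoked (removed from the list)
  fi
  echo accepted
}

make_ca trusted-ca
make_ca rogue-ca
make_client_cert alice trusted-ca
make_client_cert mallory rogue-ca
fingerprint "$WORK/alice.crt" > "$WORK/valid.txt"    # alice is currently authorized

check_client_cert "$WORK/alice.crt"   "$WORK/trusted-ca.crt" "$WORK/valid.txt"  # accepted
check_client_cert "$WORK/mallory.crt" "$WORK/trusted-ca.crt" "$WORK/valid.txt"  # rejected
: > "$WORK/valid.txt"                                   # revoke alice
check_client_cert "$WORK/alice.crt"   "$WORK/trusted-ca.crt" "$WORK/valid.txt"  # rejected
```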

For more information, see the dedicated page: What is a client certificate authentication ? (SSL/TLS Web)