Client certificate authentication is a certification based authentication mechanism where the client identifies itself to the server by sending a signed certificate.
A Client certificate is also known as:
The server just needs to verify the certificate to authenticate the client.
This is part of the SSL handshake.
Because a client certificate is a keystore that contains
it's also known as a identity certificate
Because of the private key, it should be passphrase protected and is therefore generally stored in a p12 keystore
In the certificate usages (extended), this authentication is also known as the SSL/TLS Web Client Authentication or client authentication for short.
Multi-Factor Authentication (Mfa / 2fa): You can configure an application (such as a web site) so that any user wishing to connect is required to provide:
The configuration is the inverse of the server one.
In a server configuration,
while in a client configuration:
See for instance for nginx: How to configure certification based client authentication with Nginx ?
A revoked certificat is a certificat that is in a list containing all revoked certificat. See the following page for revocation management: How to revoke a certificat with the Certificate Revocation List (CRL) ?
A client certificate has the following extensions: