What is a certification base authentication (aka SSL/ TLS Server | Client | Mutual authentication or Identity Certificate) ?

About

A certification-base authentication is a asymmetric authentication method that verify the identity via certification validation.

A signed certificate is presented to the application (server or client) that verifies it against a list of authorized CA. If the certificate is valid, the server/client is authenticated.

This server and client certificate validation is done during the SSL handshake.

Flow

The server authentication is mandatory for SSL (ie while the client one is optional).

Server Authentication

To enable SSL (ie HTTPS) on a server, the server needs to present a digital certificate known as Server Authentication

For more information, see the dedicated page: How to enable SSL on a server (ie HTTPS on a web server) ?

Client Authentication

Client certificate authentication uses the same mechanism but the other way around.

  • The client authenticate him-self to the client by sending a digital certificate signed by a CA that is in the list of trusted CA
  • The server verifies it

Because every client with a valid certificat can login, you need to keep a list of valid certificat if you need to revoke it later.

For more information, see the dedicated page: What is a client certificate authentication ? (SSL/TLS Web)


Powered by ComboStrap