What is certificate-based authentication (also known as client certificate / mutual TLS authentication)?

About

Certificate-based authentication is an asymmetric (public key) authentication method that verifies an identity through certificate validation: the peer presents a certificate and proves, during the handshake, that it holds the private key matching the public key in that certificate.

A signed certificate is presented to the peer application (server or client), which verifies it against its list of trusted Certificate Authorities (CAs). If the certificate is valid (it chains to a trusted CA, is within its validity period, has not been revoked, and its private key was used in the handshake), the presenting party is authenticated.

Both the server and the client certificate validation take place during the TLS handshake (TLS is the successor of SSL; the two names are used interchangeably on this page).

Flow

Server authentication is mandatory in TLS, while client authentication is optional.

Server Authentication

To enable SSL/TLS on a server (and any protocol layered on it, such as HTTPS), the server needs to present a digital certificate issued for Server Authentication (the serverAuth extended key usage).

For more information, see the dedicated page: How to enable SSL on a server (ie HTTPS on a web server)?

Client Authentication

Client certificate authentication uses the same mechanism in the other direction:

  • The client authenticates itself to the server by sending a digital certificate signed by a CA that is in the server's list of trusted CAs, and proves possession of the matching private key by signing part of the handshake
  • The server verifies the certificate chain and that signature

Because every client holding a certificate signed by a trusted CA can log in, you also need a way to revoke individual certificates later: either check the revocation list (CRL) or OCSP response published by the CA, or keep your own list of currently valid certificates (for example by serial number or fingerprint) and reject anything not on it.

For more information, see the dedicated page: What is a client certificate authentication? (SSL/TLS Web)
