Rate this article: (3 votes, average: 5.00)
Loading...
How client vs server certificates are used for authentication
As of 2018, most website owners are acutely aware of server SSL certificates. Client SSL certificates? Not so much. And that’s a shame because client SSL certificates can play a critical security function for larger organizations — provided they know how to effectively deploy them. What’s the difference between a client certificate vs a server certificate, and how is each used? Let’s check it out.
Comparing the Use of a Server Authentication Certificate vs Client AuthenticationCertificate
In this article, we’ll give an overview of the two different types of SSL certificates and what their intended use cases are. The first two sections will address the question “What is a client certificate vs server certificate?” before moving on to provide use case examples of client SSL certificates and how they’re authenticated.
What’s a Server SSL Certificate?
99% of the time when you hear someone mention an SSL/TLScertificate, they’re referring to the server variation. These certificatesaccomplish two things:
- They authenticate the entity that they’ve been issued to, and
- They facilitate secure HTTPS connections.
There are three different validation levels associated with server certificates: domain, organization, and extended. They’re intended to assert varying level of identity based on the needs of the site(s). There are also different types of certificates that vary by use-case: single domain, multi-domain, and wildcards.
Single Domain SSL Certificates — Save Up to 85%!
Tip: You can typically save a significant amount by buying your SSL certificate direct instead of through your web hosting company. We sell all Comodo single domain SSL certificates at up to 85% off.
Shop for Single Domain SSL Certificates
The idea behind a server SSL certificate is simple: When aweb user arrives, the server sends the user’s browser the certificate. Theuser’s browser then verifies the authenticity of the certificate — which, inturn, verifies the organization or website that owns the certificate. Thecertificate also binds a public/private key pair that can be used forexchanging secure session keys to the website or server.
What’s a Client SSL Certificate?
A client certificate is a digital certificate used by a person/device to authenticate their identity to a remote server while making an online request. A server can rely on the client certificate to establish trust before responding to the request.
Remember all the stuff we just discussed with encryption andsharing session keys? Yeah, forget about it now. Client SSL certificates areissued entirely for the authentication of the party that owns them. They’remost commonly deployed to Internet of Things (IoT) devices, which is whythey’re sometimes called IoT certificates, but they also can be used withsmartphones, tablets, laptops — you name it. Anything that connects to theinternet.
Positive SSL is the best value basic SSL certificate
If you’re looking for a basic SSL certificate that provides strong encryption for your website, Comodo’s Positive SSL is the best value.
Buy A Positive SSL – 84% Off
What is the Use Case for Client SSL Certificates?
The simple answer? Two-factor authentication. Two factorauthentication (2FA) requires two of the following three things: something youhave, something you know, or something you are. The password is what you know.Typically, what you have is proven via an SMS message code or clicking a linkin an email.
A client SSL certificate handles the “something you have”requirement simply by residing on the device. When you use SSL/TLS fortwo-factor authentication, the device you’re connecting with is authenticatedat the outset of the connection — when the password is entered. If eitherfails, the connection fails. Otherwise, an encrypted connection ensues.
This is especially useful in large enterprise environmentswhere paying for physical random number generators (RNGs) or some othermechanism is cost prohibitive. Instead, you can automate your certificatemanagement platform to issue new device certificates to any device that’s givennetwork access. From there, anytime the employee tries to access gated portionsof the network, their certificate will be authenticated before establishing theconnection.
How is a Client SSL Certificate Authenticated?
Any time an SSL/TLS certificate is involved in a connection,a handshake ensues. During the handshake, the client will examine thecertificate and authenticate its validity. It does this by verifying thesignature, following the certificate chain, and checking CT logs and revocationlists. Provided all this checks out, the certificate is trusted.
When a client SSL certificate is involved, theauthentication that occurs during the handshake goes both ways. Client SSLcertificates also have a public/private key pair associated with them — though,in this case, it’s entirely for authenticating the signature, not encryption.The server handles the encryption. But it also uses the client certificate’spublic key to verify the issuing CA’s signature and runs the same sets ofvalidity checks.
Provided mutual authentication is achieved, the connectioncontinues unabated.
Client SSL certificates are a fast, affordable way to handletwo-factor authentication without ever having to invest in hardware.
client certificate ssl ssl certificate for website
Related posts:
- TLS vs SSL vs HTTPS – What’s the Difference?
- Why I Should Conduct an SSL Certificate Price Comparison
- SSL Cipher Suites: The Ultimate Guide
- How to Install SSL Certificate on AWS EC2 Instance
- Steps to Install a Windows SSL Certificate on Windows (IIS) Server
- DV vs OV vs EV SSL – Which Certificates Are Good for Site Security?
- A SSL Certificate File Extension Explanation: PEM, PKCS7, DER, and PKCS#12
- What Is an RSA Algorithm in Cryptography?