
I cannot get an answer from a CA company for this question.

I have to implement two-way SSL authentication between my server and my users' computers. Users should access my several APIs securely. I have a Comodo trial certificate and I use it on my web server.

I'm wondering, can I use this certificate for two-way SSL authentication?

Some considerations:
I thought that I could put a button on a web form, and a user could download the current web page's certificate when he presses the button. This would be nice. However, I cannot know when the certificate will be taken out of service by the CA.

PS: Actually, I've been continuing with my implementation.

efkan

1 Answer


No, you cannot use the same certificate for both server- and client-side SSL authentication.

(Well, technically, you can - it won't break anything - but it means that the server private key will be known to N clients, each of which can then impersonate it, so that's just not going to work out.)

If you wanted to do client SSL authentication, you'd want to issue individual certificates to all your clients. You can do that with your own CA; they don't need to be signed by a public CA, as long as your server can verify them against that CA.

See also this answer which might be useful to you.

gowenfawr