Can I create client certificates from a server certificate that I buy from a certificate authority?

2

If I buy a certificate from GoDaddy or a trusted certificate authority for my website, let's say example.com, and I want to issue client certificates so I can validate the certificates of clients connecting to my website, can I use the certificate I bought to issue client certificates? So the clients can always verify their certificate against a trusted certificate authority, and at the same time I ensure that only the clients I choose are the ones who can connect to my site?

mohamed nasr

Posted 2019-11-05T14:42:30.453

Reputation: 25

Answers

1

You can use the bought SSL certificate as a client certificate, but that's really a waste. You cannot, however, use this certificate to sign additional client certificates, which is most likely what you wish to do to authorize the remote users.

The best option would be to use your own private CA for this process as that allows for much more direct control. Client certificates don’t have to be publicly trusted by the clients, just trusted by your server. Since it’s also issuing them, this shouldn’t be a problem.

You may use OpenSSL or any other software to generate these certificates.

harrymc

Posted 2019-11-05T14:42:30.453

Reputation: 306 093

I think you're confused about giving away certificates. Certificates are public information (they have the public key embedded) so there is no security risk in giving away your certificates. What you should never do is give away your private key. Give the Root CA certificate to your clients and they can verify your certificate, but that's all they can do. Give them both the certificate and private key and you're in trouble :-) – garethTheRed – 2019-11-05T15:50:16.987
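The private-CA approach harrymc recommends, and the reason a purchased certificate cannot sign others, can both be shown with the OpenSSL command line. The script below is an added example and is not code from the question, the answer or the comment; the CA name, the scratch directory, the file names and the client names are constructed for the demonstration. It creates a private root CA (the only certificate with `CA:TRUE` and `keyCertSign`), issues a client certificate from it, issues an end-entity server certificate with `CA:FALSE` to stand in for a certificate bought from a public CA, and then tries to use that server certificate as an issuer. `openssl x509 -req` will write a file either way, but `openssl verify` rejects the chain because the intermediate is not a CA certificate, which is the same check every TLS stack performs.

```shell
#!/bin/sh
# Added example, not code from the original thread: a private CA issuing a
# client certificate with OpenSSL, plus a check showing why a purchased
# server (leaf) certificate cannot act as an issuer. Needs the openssl CLI.
set -e

WORK="${WORK:-$(mktemp -d)}"       # scratch directory for keys and certs (constructed)
CFG="$WORK/openssl.cnf"

# Minimal OpenSSL config: DN handling plus three extension profiles.
# Only the CA profile carries CA:TRUE and keyCertSign; the server profile
# mirrors what a public CA puts into a purchased end-entity certificate.
cat > "$CFG" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_server]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
[v3_client]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = clientAuth
EOF

# Self-signed private root CA. Only ca.crt is given to the web server (and to
# clients, if they want to recognise the CA); ca.key never leaves the issuer.
make_ca() {
  openssl req -x509 -new -config "$CFG" -extensions v3_ca \
    -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -subj "/CN=Example Private Client CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# Issue a certificate: $1 = name, $2 = issuer cert, $3 = issuer key, $4 = profile.
issue_cert() {
  name="$1"; issuer_crt="$2"; issuer_key="$3"; profile="$4"
  openssl req -new -config "$CFG" -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=$name" -keyout "$WORK/$name.key" -out "$WORK/$name.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$name.csr" -CA "$issuer_crt" -CAkey "$issuer_key" \
    -CAcreateserial -days 365 -sha256 -extfile "$CFG" -extensions "$profile" \
    -out "$WORK/$name.crt" 2>/dev/null
}

# Verify $1 against the private root, optionally through intermediate $2.
# Returns 0 only when openssl reports ": OK" (exit codes differ across versions).
verify_chain() {
  cert="$1"; inter="$2"
  if [ -n "$inter" ]; then
    out=$(openssl verify -CAfile "$WORK/ca.crt" -untrusted "$inter" "$cert" 2>&1 || true)
  else
    out=$(openssl verify -CAfile "$WORK/ca.crt" "$cert" 2>&1 || true)
  fi
  case "$out" in *": OK"*) return 0 ;; *) return 1 ;; esac
}

make_ca
# Intended path: the private CA issues a client certificate for "alice".
issue_cert alice "$WORK/ca.crt" "$WORK/ca.key" v3_client
# Stand-in for the purchased certificate: an end-entity server cert (CA:FALSE).
issue_cert example.com "$WORK/ca.crt" "$WORK/ca.key" v3_server
# Misuse: sign a client cert for "bob" with the server certificate. A file is
# produced, but no verifier accepts a non-CA certificate as an issuer.
issue_cert bob "$WORK/example.com.crt" "$WORK/example.com.key" v3_client

if verify_chain "$WORK/alice.crt"; then
  echo "alice.crt: issued by the private CA, verifies"
fi
if verify_chain "$WORK/bob.crt" "$WORK/example.com.crt"; then
  echo "bob.crt: unexpectedly verified"
else
  echo "bob.crt: rejected (issuer is not a CA certificate)"
fi
```

On the web server, the only trust anchor needed for client authentication is `ca.crt`; the server does not need the clients' certificates to be publicly trusted, and revoking a client means removing or denying its certificate at the private CA rather than involving any public authority. As garethTheRed notes, `ca.crt` and `alice.crt` are public material; `ca.key` is the one file whose exposure would let anyone mint certificates the server accepts.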