What is the difference between client side and server side certificates?

4

5

I am having a hard time understanding client-side and server-side certificates, where they are used, what they do, etc. I would appreciate some real-world examples of where each of them is used.

PeanutsMonkey

Posted 2011-11-02T02:09:10.017

Reputation: 7 780

Answers

11

A server-side cert is used to authenticate and identify the server to the client, as well as to encrypt the connection. This allows the client to have certain assurances when connecting to and communicating with the server. Sites that require security such as banks, etc. use them.

A client-side cert is used to authenticate the client to the server. In this way the server can be certain of who is connecting to the server in much the same way as with a username/password pair, but usually without requiring interaction with the user. They are used with services where the client must be identified but there may not necessarily be someone to enter a username and password, or such is not desired.

Ignacio Vazquez-Abrams

Posted 2011-11-02T02:09:10.017

Reputation: 100 516

Thanks. Are client-side certificates issued in the same manner server side certificates are? – PeanutsMonkey – 2011-11-02T02:15:12.397

They're usually issued by the organization that runs the server. – Ignacio Vazquez-Abrams – 2011-11-02T02:16:52.690

When you say issued by the organization that runs the server, I assume you mean when an organization applies for a certificate from the likes of Thawte, etc. When you say the client is expected to import them, how would this occur? For example, if I wish a client to authenticate themselves with a website, device, etc., how would I issue an SSL certificate for them to import? – PeanutsMonkey – 2011-11-02T02:19:19.193

I'm not certain of all the details; I've never actually had to generate or issue them myself. – Ignacio Vazquez-Abrams – 2011-11-02T02:20:05.497

In order to issue a certificate, you need a certificate authority. This would be trusted by the web server, so any unrevoked certificate presented by a user to the website would be accepted as sufficient authentication. It is probably worth taking this to chat. – Paul – 2011-11-02T02:22:38.503

@Paul - Thanks Paul. Am about to head into a meeting so maybe I could catch you later today. Not sure if you received my last email but will drop you my Skype details if that's okay. – PeanutsMonkey – 2011-11-02T02:30:56.497

@PeanutsMonkey - I sent a couple of emails to your gmail account, but no reply? Perhaps they got junked. – Paul – 2011-11-02T02:33:21.593

@Paul - Did you receive the emails I dropped you? – PeanutsMonkey – 2011-11-02T18:19:40.567
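To make the distinction in the answer and the issuing step raised in the comments concrete, here is an added example (not written by anyone in this thread) that builds a throwaway private CA with the `openssl` command line, issues one server and one client certificate, and checks which role each is accepted in. It assumes `openssl` is installed; the CA name, host name `www.example.test` and user `alice` are constructed, and the role split relies on the standard `extendedKeyUsage` extension, which the thread does not mention.

```sh
#!/bin/sh
# Constructed demo PKI: every name here (Demo Private CA, www.example.test, alice) is made up.
PKI=$(mktemp -d)
trap 'rm -rf "$PKI"' EXIT   # throwaway keys: remove them when the script ends

# The organization's own CA: a self-signed certificate allowed to sign others.
make_ca() {
  printf '%s\n' 'basicConstraints=critical,CA:TRUE' 'keyUsage=critical,keyCertSign,cRLSign' > "$PKI/ca.ext"
  openssl req -new -newkey rsa:2048 -nodes -subj '/CN=Demo Private CA' \
    -keyout "$PKI/ca.key" -out "$PKI/ca.csr" 2>/dev/null &&
  openssl x509 -req -in "$PKI/ca.csr" -signkey "$PKI/ca.key" -days 30 \
    -extfile "$PKI/ca.ext" -out "$PKI/ca.crt" 2>/dev/null
}

# issue <file-stem> <common-name> <extension-line>...
# Generates a key pair and CSR for one party and has the CA sign it.
issue() {
  stem=$1 cn=$2; shift 2
  printf '%s\n' 'basicConstraints=CA:FALSE' "$@" > "$PKI/$stem.ext"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
    -keyout "$PKI/$stem.key" -out "$PKI/$stem.csr" 2>/dev/null &&
  openssl x509 -req -in "$PKI/$stem.csr" -days 30 -extfile "$PKI/$stem.ext" \
    -CA "$PKI/ca.crt" -CAkey "$PKI/ca.key" -CAcreateserial \
    -out "$PKI/$stem.crt" 2>/dev/null
}

# accepted_as <sslserver|sslclient> <file-stem>
# True only if the certificate chains to the CA AND is valid for that role.
accepted_as() {
  openssl verify -CAfile "$PKI/ca.crt" -purpose "$1" "$PKI/$2.crt" >/dev/null 2>&1
}

make_ca
# Server certificate: names the host, usable only to prove "I am this server".
issue server www.example.test 'extendedKeyUsage=serverAuth' 'subjectAltName=DNS:www.example.test'
# Client certificate: names the user or device, usable only to prove "I am this client".
issue client alice 'extendedKeyUsage=clientAuth'

# Present each certificate in each role and report the verifier's verdict.
for role in sslserver sslclient; do
  for cert in server client; do
    if accepted_as "$role" "$cert"; then verdict=accepted; else verdict=rejected; fi
    echo "$cert certificate presented as $role: $verdict"
  done
done
```

Both certificates chain to the same CA, yet each is rejected in the other's role. Revocation, which the comment above also mentions, is not checked here.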