SSL and certificates

Kevin

Are client certificates necessary for SSL or just server
certificates?

The Microsoft help for setting up SSL takes you through
creating a server root certificate and another server
certificate and then installing each on all of the
clients. But other documentation that I have read
suggests that SSL only needs server certificates and that
client certificates are only needed for certificate
authentication. I want to use forms authentication and
don't want to force our customers to deploy client
certificates if they don't have to.
Thomas Møller Jensen

You only need a server certificate for having users authenticate securely
with forms authentication over an SSL encrypted connection. In this scenario
the users are authenticated using their username and password, submitted to
the server over SSL.

Client certificates are not used for securing the connection between client
and server, but only to authenticate users. In this kind of scenario the
users do not submit their username/password for authentication, but
instead use their client certificate to authenticate.
Alun Jones [MS MVP]

"Kevin" said:
> Are client certificates necessary for SSL or just server
> certificates?

Just a server certificate. However...

> The Microsoft help for setting up SSL takes you through
> creating a server root certificate and another server
> certificate and then installing each on all of the
> clients.

The client needs to have some way to believe that the server's certificate
is genuine. It does that either by trusting the server's certificate, or
one of the certificates that were used to sign the server's certificate.

This is where installing the certificates comes in - your client only trusts
those certificates that it has been told to trust. Internet Explorer ships
with a few certificates already described as "trusted" - these are generally
root certification authorities, and IE will implicitly trust any server that
presents a certificate signed by one of these Trusted Roots.

To get your server certificate trusted by a client's installation of IE, you
have to do one of the following:

1. Get your certificate from a CA that is already a trusted root at the
client's IE installation.
2. Have the client install your server's certificate as trusted.
3. Have the client install as trusted the certificate from the CA that
issued your server's certificate.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]
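The two answers above make three claims: a server certificate alone gives an encrypted connection for forms authentication, the client only accepts that certificate if it trusts the server's CA (Alun's option 3), and client certificates matter only when the server demands them to authenticate the user. The script below is an added example, not code from the original thread. It builds a throwaway private CA with the `openssl` command-line tool (assumed to be installed) and then performs real TLS handshakes over loopback with Python's standard `ssl` module; every subject name and file name in it is constructed for the example.

```python
"""Added example: which side of a TLS connection needs a certificate."""
import os
import socket
import ssl
import subprocess
import tempfile
import threading


def make_test_pki(workdir):
    """Create ca.crt, server.{key,crt} and client.{key,crt} in workdir.
    Subjects and file names are constructed for this example."""
    def openssl(*args):
        subprocess.run(["openssl", *args], check=True, capture_output=True)

    def p(name):
        return os.path.join(workdir, name)

    # Self-signed root CA (openssl's default config marks it CA:TRUE).
    openssl("req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "30",
            "-keyout", p("ca.key"), "-out", p("ca.crt"),
            "-subj", "/CN=Example Private Root CA")
    # Extensions for the two leaf certs: the SAN is what the client's
    # hostname check matches; clientAuth marks the user certificate.
    with open(p("server.ext"), "w") as f:
        f.write("subjectAltName=DNS:localhost\n")
    with open(p("client.ext"), "w") as f:
        f.write("extendedKeyUsage=clientAuth\n")
    for name, subj in (("server", "/CN=localhost"), ("client", "/CN=kevin")):
        openssl("req", "-new", "-newkey", "rsa:2048", "-nodes",
                "-keyout", p(name + ".key"), "-out", p(name + ".csr"),
                "-subj", subj)
        openssl("x509", "-req", "-days", "30", "-in", p(name + ".csr"),
                "-CA", p("ca.crt"), "-CAkey", p("ca.key"), "-CAcreateserial",
                "-extfile", p(name + ".ext"), "-out", p(name + ".crt"))
    return {k: p(k) for k in ("ca.crt", "server.key", "server.crt",
                               "client.key", "client.crt")}


def handshake(server_ctx, client_ctx):
    """One TLS handshake over loopback. Returns (client_ok, server_ok):
    client_ok means the client verified the server and read its greeting,
    server_ok means the server accepted the client."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    outcome = {"server_ok": False}

    def serve():
        conn, _ = listener.accept()
        conn.settimeout(5)
        try:
            with server_ctx.wrap_socket(conn, server_side=True) as tls:
                outcome["server_ok"] = True
                tls.sendall(b"ok")
        except OSError:
            pass  # handshake refused by one side (ssl.SSLError is an OSError)

    worker = threading.Thread(target=serve)
    worker.start()
    raw = socket.create_connection(listener.getsockname(), timeout=5)
    try:
        # In TLS 1.3 the client's handshake can finish before the server has
        # judged the client certificate, so read the greeting as well.
        with client_ctx.wrap_socket(raw, server_hostname="localhost") as tls:
            client_ok = tls.recv(2) == b"ok"
    except OSError:
        client_ok = False
    worker.join()
    listener.close()
    return client_ok, outcome["server_ok"]


def run_scenarios(pki):
    """Return {scenario name: (client_ok, server_ok)} for the cases discussed."""
    def server(require_client_cert):
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        ctx.load_cert_chain(pki["server.crt"], pki["server.key"])
        if require_client_cert:          # certificate authentication of users
            ctx.verify_mode = ssl.CERT_REQUIRED
            ctx.load_verify_locations(pki["ca.crt"])
        return ctx

    def client(trust_ca, present_cert=False):
        # create_default_context keeps CERT_REQUIRED and hostname checking on;
        # without cafile it knows only the OS roots, not our private CA.
        ctx = (ssl.create_default_context(cafile=pki["ca.crt"]) if trust_ca
               else ssl.create_default_context())
        if present_cert:
            ctx.load_cert_chain(pki["client.crt"], pki["client.key"])
        return ctx

    return {
        "forms auth: server cert only, CA trusted": handshake(server(False), client(True)),
        "forms auth: server cert only, CA not trusted": handshake(server(False), client(False)),
        "cert auth: server demands client cert, none given": handshake(server(True), client(True)),
        "cert auth: client presents cert signed by CA": handshake(server(True), client(True, True)),
    }


def demo():
    """Build the throwaway PKI in a temp dir and run every scenario."""
    with tempfile.TemporaryDirectory() as d:
        return run_scenarios(make_test_pki(d))


if __name__ == "__main__":
    for name, (c_ok, s_ok) in demo().items():
        print(f"{name:52} client_ok={c_ok} server_ok={s_ok}")
```

The first scenario is Kevin's forms-authentication setup: the server has a certificate, the client has been told to trust the issuing CA, and the session is encrypted with no client certificate anywhere. The second shows what the Microsoft steps are for: the same server certificate is rejected by a client whose trust store does not contain the CA. The last two are Thomas's certificate-authentication case, which only arises once the server is configured with `CERT_REQUIRED`; then a client without a certificate is refused and one with a CA-issued certificate is accepted. Alun's option 2 (trusting the server certificate itself) works with this module too, but needs the `ssl.VERIFY_X509_PARTIAL_CHAIN` verify flag, since OpenSSL otherwise insists on chaining up to a self-signed root.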