What Is Client Certificate Authentication

Q

What Is Client Certificate Authentication?

✍: FYIcenter

A

Client Certificate Authentication is an extra layer of security protection added to the normal SSL socket communication.

In a normal SSL socket communication:

  • The client is asking for the server to show server certificate.
  • The client validates the server certificate to ensure the server is known and can be trusted.
  • The client is protected because it is communicating with a known and trusted server.
  • However the server is not protected, because it is communicating with an unknown client.

SSL socket communication with client certificate authentication:

  • The client is asking for the server to show server certificate.
  • The client validates the server certificate to ensure the server is known and can be trusted.
  • The client is protected because it is communicating with a known and trusted server.
  • The server is asking for the client to show client certificate.
  • The server validates the client certificate to ensure the client is known and can be trusted.
  • The server is protected because it is communicating with a known and trusted client.

Diagram below highlights extra steps needed for client certificate authentication in the sequence of messages that are exchanged in the SSL handshake:
SSL Handshake Message Sequence with Client Authentication

 

Create SSL Client Certificate with "keytool"

Make SSL Server Certificate Trusted

Examples for jsse.jar - Java Secure Socket Extension

⇑⇑ FAQ for jsse.jar - Java Secure Socket Extension

2018-06-27, 1673🔥, 0💬