Solved

Server and Client Certificate

Posted on 2002-04-27
4
528 Views
Last Modified: 2008-03-06
What is the difference between SERVER CERTIFICATE and CLIENT CERTIFICATE ? When will I use server certificate or client certificate ??

   According to the IIS Webserver that using SSL , Digital Certificate that WEB Server received from CA,is it server or client certificate ?
0
Comment
Question by:rotaris357
4 Comments
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
server certificate
0
 
LVL 3

Expert Comment

by:cincin77
Comment Utility
there is no difference from the side of the contents of the certificates. In a client/server session one machine is a client and the other is a server.And the certificate that server has is SERVER CERTIFICATE and vice versa.

SSL is a good example for the use of the certificates. Server Certificate is certainly a must, SSL also supports client certificates for the authentication of the client side but it is rarely used and client authentication is usually done with username-password pairs.

As ahoffmann stated the answer of your question is SERVER CERTIFICATE...

0
 

Accepted Solution

by:
arvi_sam earned 50 total points
Comment Utility
Hi,
Most of the answer has already been provided but I would attempt to close this one with some background.

Firstly, Digital Certificates are nothing but containers for public keys. These public keys are used to encrypt the session keys used for symmetric encryption, verify digital signatures etc.

SSL is just one application of Digital Certificates, and the most common one as well. SSL provides authentication, confidentiality and integrity of socket interactions.

When you want to secure your web interactions, you need SSL to ensure confidentiality and integrity of your data flow. Herein SSL also allows the client browser to authenticate the web server, as well as (optionally) the browser can provide a client certificate to the web server, and provided the client certificate is issued by an authority which is recognized by the web server as a legitimate one, this can function as a client authentication mechanism.

Also technically your web server certificate issued by Verisign, Thawte etc. is a Class 3 certificate wherein a notary has to authenticate the certificate owner as owning the asset (domain name) being mentioned in the certificate. Client certificates are issued at lower trust levels, and technically they are termed Class 1 or Class 2 certificates. The lower level of trust is primarily since lesser credentials (and lesser cash!) are required to be presented to obtain these certificates.

Check out RSA Labs FAQ on cryptography (http://www.rsasecurity.com/rsalabs/faq/) for more fundamentals on crypto, certificates etc.

Regards,

Arvind Shyamsundar
Brainbench MVP for Internet Security.
0
 

Author Comment

by:rotaris357
Comment Utility
Thanks for the answer , anyway I want to know what each class of CA or Certificate is for and how it is functioned , Is it like DNS system that is separated in any level of system such as "www.yahoo.com",in this way , resolver must query dot com root server before and then to yahoo dns server or sth. like this. Is it the same concept ?


Many Thanks in advances
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

Suggested Solutions

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now