Solved

Server and Client Certificate

Posted on 2002-04-27
4
531 Views
Last Modified: 2008-03-06
What is the difference between SERVER CERTIFICATE and CLIENT CERTIFICATE ? When will I use server certificate or client certificate ??

   According to the IIS Webserver that using SSL , Digital Certificate that WEB Server received from CA,is it server or client certificate ?
0
Comment
Question by:rotaris357
4 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6973798
server certificate
0
 
LVL 3

Expert Comment

by:cincin77
ID: 6996851
there is no difference from the side of the contents of the certificates. In a client/server session one machine is a client and the other is a server.And the certificate that server has is SERVER CERTIFICATE and vice versa.

SSL is a good example for the use of the certificates. Server Certificate is certainly a must, SSL also supports client certificates for the authentication of the client side but it is rarely used and client authentication is usually done with username-password pairs.

As ahoffmann stated the answer of your question is SERVER CERTIFICATE...

0
 

Accepted Solution

by:
arvi_sam earned 50 total points
ID: 7004640
Hi,
Most of the answer has already been provided but I would attempt to close this one with some background.

Firstly, Digital Certificates are nothing but containers for public keys. These public keys are used to encrypt the session keys used for symmetric encryption, verify digital signatures etc.

SSL is just one application of Digital Certificates, and the most common one as well. SSL provides authentication, confidentiality and integrity of socket interactions.

When you want to secure your web interactions, you need SSL to ensure confidentiality and integrity of your data flow. Herein SSL also allows the client browser to authenticate the web server, as well as (optionally) the browser can provide a client certificate to the web server, and provided the client certificate is issued by an authority which is recognized by the web server as a legitimate one, this can function as a client authentication mechanism.

Also technically your web server certificate issued by Verisign, Thawte etc. is a Class 3 certificate wherein a notary has to authenticate the certificate owner as owning the asset (domain name) being mentioned in the certificate. Client certificates are issued at lower trust levels, and technically they are termed Class 1 or Class 2 certificates. The lower level of trust is primarily since lesser credentials (and lesser cash!) are required to be presented to obtain these certificates.

Check out RSA Labs FAQ on cryptography (http://www.rsasecurity.com/rsalabs/faq/) for more fundamentals on crypto, certificates etc.

Regards,

Arvind Shyamsundar
Brainbench MVP for Internet Security.
0
 

Author Comment

by:rotaris357
ID: 7075050
Thanks for the answer , anyway I want to know what each class of CA or Certificate is for and how it is functioned , Is it like DNS system that is separated in any level of system such as "www.yahoo.com",in this way , resolver must query dot com root server before and then to yahoo dns server or sth. like this. Is it the same concept ?


Many Thanks in advances
0

Featured Post

Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now