Solved

Server and Client Certificate

Posted on 2002-04-27
Last Modified: 2008-03-06
What is the difference between a SERVER CERTIFICATE and a CLIENT CERTIFICATE? When will I use a server certificate or a client certificate?

For an IIS web server that is using SSL, is the digital certificate that the web server received from the CA a server or a client certificate?
0
Question by:rotaris357
4 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6973798
server certificate
0
 
LVL 3

Expert Comment

by:cincin77
ID: 6996851
There is no difference from the side of the contents of the certificates. In a client/server session one machine is a client and the other is a server. The certificate that the server has is the SERVER CERTIFICATE, and vice versa.

SSL is a good example for the use of certificates. A server certificate is certainly a must. SSL also supports client certificates for the authentication of the client side, but this is rarely used, and client authentication is usually done with username-password pairs.

As ahoffmann stated, the answer to your question is SERVER CERTIFICATE...

0
 

Accepted Solution

by:
arvi_sam earned 200 total points
ID: 7004640
Hi,
Most of the answer has already been provided but I would attempt to close this one with some background.

Firstly, Digital Certificates are nothing but containers for public keys. These public keys are used to encrypt the session keys used for symmetric encryption, verify digital signatures etc.

SSL is just one application of Digital Certificates, and the most common one as well. SSL provides authentication, confidentiality and integrity of socket interactions.

When you want to secure your web interactions, you need SSL to ensure confidentiality and integrity of your data flow. Herein SSL also allows the client browser to authenticate the web server, as well as (optionally) the browser can provide a client certificate to the web server, and provided the client certificate is issued by an authority which is recognized by the web server as a legitimate one, this can function as a client authentication mechanism.

Also technically your web server certificate issued by Verisign, Thawte etc. is a Class 3 certificate wherein a notary has to authenticate the certificate owner as owning the asset (domain name) being mentioned in the certificate. Client certificates are issued at lower trust levels, and technically they are termed Class 1 or Class 2 certificates. The lower level of trust is primarily since lesser credentials (and lesser cash!) are required to be presented to obtain these certificates.

Check out RSA Labs FAQ on cryptography (http://www.rsasecurity.com/rsalabs/faq/) for more fundamentals on crypto, certificates etc.

Regards,

Arvind Shyamsundar
Brainbench MVP for Internet Security.
0
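The points made in the answers above, that a server and a client certificate are issued by the same steps and that each side accepts only a certificate from a CA it recognizes, shown as an added example that is not part of the original thread. It assumes the `openssl` command-line tool is installed; every CA name, subject and file name is constructed for the demo.

```shell
#!/bin/sh
# Added example: all names, subjects and paths below are constructed.
set -e
DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT

# Create a self-signed CA named $1 with subject CN $2.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$DEMO_DIR/$1.key" -out "$DEMO_DIR/$1.crt" 2>/dev/null
}

# Issue certificate $2 (subject CN $3) signed by CA $1.
# The same steps are used for the "server" and the "client" certificate.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$DEMO_DIR/$2.key" -out "$DEMO_DIR/$2.csr" 2>/dev/null
    openssl x509 -req -in "$DEMO_DIR/$2.csr" -days 1 \
        -CA "$DEMO_DIR/$1.crt" -CAkey "$DEMO_DIR/$1.key" -CAcreateserial \
        -out "$DEMO_DIR/$2.crt" 2>/dev/null
}

# Succeeds only if certificate $2 chains to CA $1, the CA the verifier trusts.
chains_to() {
    openssl verify -CAfile "$DEMO_DIR/$1.crt" "$DEMO_DIR/$2.crt" >/dev/null 2>&1
}

make_ca public_ca  "Demo Public CA"     # trusted by the browser
make_ca company_ca "Demo Company CA"    # trusted by the web server for clients
make_ca other_ca   "Demo Unrelated CA"  # recognized by neither side

issue_cert public_ca  server "www.example.test"   # web server's certificate
issue_cert company_ca alice  "alice"              # client certificate
issue_cert other_ca   bob    "bob"                # client cert, unrecognized CA

chains_to public_ca  server && echo "browser: server certificate accepted"
chains_to company_ca alice  && echo "server: alice's client certificate accepted"
chains_to company_ca bob    || echo "server: bob's certificate rejected (unrecognized CA)"
```

The check here is chain validation only; a real TLS handshake additionally proves that the peer holds the private key for the certificate it presents.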
 

Author Comment

by:rotaris357
ID: 7075050
Thanks for the answer. Anyway, I want to know what each class of CA or certificate is for and how it functions. Is it like the DNS system, which is separated into levels, such as "www.yahoo.com", where the resolver must query the dot com root server first and then the yahoo DNS server, or something like this? Is it the same concept?


Many thanks in advance
0
