Solved

Server and Client Certificate

Posted on 2002-04-27
4
535 Views
Last Modified: 2008-03-06
What is the difference between SERVER CERTIFICATE and CLIENT CERTIFICATE ? When will I use server certificate or client certificate ??

   According to the IIS Webserver that using SSL , Digital Certificate that WEB Server received from CA,is it server or client certificate ?
0
Comment
Question by:rotaris357
4 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 6973798
server certificate
0
 
LVL 3

Expert Comment

by:cincin77
ID: 6996851
there is no difference from the side of the contents of the certificates. In a client/server session one machine is a client and the other is a server.And the certificate that server has is SERVER CERTIFICATE and vice versa.

SSL is a good example for the use of the certificates. Server Certificate is certainly a must, SSL also supports client certificates for the authentication of the client side but it is rarely used and client authentication is usually done with username-password pairs.

As ahoffmann stated the answer of your question is SERVER CERTIFICATE...

0
 

Accepted Solution

by:
arvi_sam earned 50 total points
ID: 7004640
Hi,
Most of the answer has already been provided but I would attempt to close this one with some background.

Firstly, Digital Certificates are nothing but containers for public keys. These public keys are used to encrypt the session keys used for symmetric encryption, verify digital signatures etc.

SSL is just one application of Digital Certificates, and the most common one as well. SSL provides authentication, confidentiality and integrity of socket interactions.

When you want to secure your web interactions, you need SSL to ensure confidentiality and integrity of your data flow. Herein SSL also allows the client browser to authenticate the web server, as well as (optionally) the browser can provide a client certificate to the web server, and provided the client certificate is issued by an authority which is recognized by the web server as a legitimate one, this can function as a client authentication mechanism.

Also technically your web server certificate issued by Verisign, Thawte etc. is a Class 3 certificate wherein a notary has to authenticate the certificate owner as owning the asset (domain name) being mentioned in the certificate. Client certificates are issued at lower trust levels, and technically they are termed Class 1 or Class 2 certificates. The lower level of trust is primarily since lesser credentials (and lesser cash!) are required to be presented to obtain these certificates.

Check out RSA Labs FAQ on cryptography (http://www.rsasecurity.com/rsalabs/faq/) for more fundamentals on crypto, certificates etc.

Regards,

Arvind Shyamsundar
Brainbench MVP for Internet Security.
0
 

Author Comment

by:rotaris357
ID: 7075050
Thanks for the answer , anyway I want to know what each class of CA or Certificate is for and how it is functioned , Is it like DNS system that is separated in any level of system such as "www.yahoo.com",in this way , resolver must query dot com root server before and then to yahoo dns server or sth. like this. Is it the same concept ?


Many Thanks in advances
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

As technology users and professionals, we’re always learning. Our universal interest in advancing our knowledge of the trade is unmatched by most industries. It’s a curiosity that makes sense, given the climate of change. Within that, there lies a…
February 24, 2017 — On February 23, Travis Ormandy, a vulnerability researcher at Google, reported on Twitter (https://twitter.com/taviso/status/834900838837411840) that massive stores of data have been leaked by CloudFlare, a company that provide…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question