Sun Java System Web Server 6.1 SP12 Administrator's Guide

Certificate-based Authentication

Authentication is the process of confirming an identity. In the context of network interactions, authentication is the confident identification of one party by another party. Certificates are one way of supporting authentication.

Using Certificates for Authentication

A certificate consists of digital data that specifies the name of an individual, company, or other entity, and verifies that the public key, included in the certificate, belongs to that entity. Both clients and servers can have certificates.

A certificate is issued and digitally signed by a Certificate Authority (CA). The CA can either be a company that sells certificates over the Internet, or a department responsible for issuing certificates for your company’s intranet or extranet. You decide which CAs to trust to serve as verifiers of other people’s identities.

In addition to a public key and the name of the entity identified by the certificate, a certificate also includes an expiration date, the name of the CA that issued the certificate, and the “digital signature” of the issuing CA. For more information regarding the content and format of a certificate, see Introduction to SSL.

Note –

A server certificate must be installed before encryption can be activated.

Server Authentication

Server authentication refers to the confident identification of a server by a client. The process involves identifying the organization is responsible for the server at a specific network address.

Client Authentication

Client authentication refers to the confident identification of a client by a server. The process involves identifying the person using the client software. Clients can have multiple certificates, much like a person might have several different kind of identification.

Virtual Server Certificates

You can have a different certificate database for each virtual server. Each virtual server database can contain multiple certificates. Virtual servers can also have different certificates within each server instance.