Certificate-based Authentication

Authentication is the process of confirming identity. In the context of network interactions, authentication is the confident identification of one party by another. Certificates are one way of supporting authentication.

A certificate consists of digital data that specifies the name of an individual, company, or other entity, and certifies that the public key included in the certificate belongs to that entity.

Both clients and servers can have certificates. Server authentication refers to the confident identification of a server by a client (identification of the organization assumed to be responsible for the server at a particular network address). Client authentication refers to the confident identification of a client by a server (identification of the person assumed to be using the client software). Clients can have multiple certificates, much like a person might have several different pieces of identification.

A certificate is issued and digitally signed by a Certificate Authority, or CA. The CA can be a company that sells certificates, or a department responsible for issuing certificates for your company’s intranet or extranet. You decide which CAs you trust enough to serve as verifiers of other people’s identities.

In addition to a public key and the name of the entity identified by the certificate, a certificate also includes an expiration date, the name of the CA that issued the certificate, and the digital signature of the issuing CA.

For more information regarding the content and format of a certificate, see Introduction to SSL.

For more information regarding supported certificate extensions, see All About Certificate Extensions.

A server certificate must be installed before encryption can be activated.