I have a RESTful API that I want to secure using SSL certs. If I were to get some SSL certificates, would I need separate ones for each of my web clients that use my API, or would the API be the only thing that needs the certificate?
- SSL provides a complete secure channel, with authentication, message integrity, and message encryption.
- You must obtain and manage PKI certificates.
- The client platform must support SSL client certificates.
Generally, most web servers running HTTPS do not require the client to have a certificate. If the server requires the client to authenticate, this is often done through credentials (e.g. username and password).
An SSL authentication assures that interactions between client and server are secure by encrypting the link that connects them, making it much harder for unauthorized entities to gain access to sensitive information. With RESTful web services, SSL authentication is slightly different than other SSL authentications.
The client SSL certificate is installed on any device that's meant to connect with a given website or server. When the user navigates to that endpoint, the authentication of their client SSL certificate serves as the “something you have” portion of the two-factor authentication, allowing the user to simply enter a ...
The SSL certificate is installed on your web server hosting your REST API. The clients don't need to have a certificate to securely exchange data with your server.
Think about all the e-banking/e-shopping sites that you probably use. You don't specifically install any certificates on your computer to be able to use them. As long as you trust the certification authority that issued the certificates to those websites (handled by your computer transparently), your computer can connect to them over SSL.
So, as long as your own server's SSL certificate is valid and issued by a trusted certification authority, your clients will be able to connect securely over SSL without needing separate certificates.
SSL certificates are for the web server. You install them on your web server. Certificates are matched to your domain. They have nothing to do with the clients. Any client can access your server if you have a valid certificate.
I think you have multiple RESTful APIs. You need not have separate certificates for the APIs, since certificates are matched to your server's domain and not to the APIs you host. You can have any number of APIs and clients connected to your server using one SSL certificate.
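The split described in the answers above, as an added example that is not part of the original posts: a Python `ssl` sketch of which side holds a certificate in ordinary HTTPS versus the optional client-certificate (mutual TLS) setup. The function names and file-path parameters are hypothetical; no certificate files are needed to run it.

```python
import ssl


def server_context(certfile=None, keyfile=None,
                   require_client_cert=False, client_ca=None):
    """TLS context for the server hosting the REST API (hypothetical helper).

    certfile/keyfile: the server's own certificate and key. One pair covers
    the domain, however many APIs or clients there are.
    require_client_cert/client_ca: only for mutual TLS, where each client
    must present a certificate issued by the CA in client_ca.
    """
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    if client_ca:
        ctx.load_verify_locations(cafile=client_ca)
    if require_client_cert:
        # Handshake fails unless the client sends a cert the server trusts.
        ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def client_context(client_cert=None, client_key=None):
    """TLS context for an API client (hypothetical helper).

    By default the client holds no certificate of its own: it validates the
    server's certificate against the system trust store and checks the
    hostname. client_cert/client_key are only needed for mutual TLS.
    """
    ctx = ssl.create_default_context()  # Purpose.SERVER_AUTH
    if client_cert:
        ctx.load_cert_chain(client_cert, client_key)
    return ctx


def describe(ctx):
    """Report what a context demands of the peer, as plain booleans."""
    return {
        "requires_peer_cert": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
    }


if __name__ == "__main__":
    print("HTTPS server :", describe(server_context()))
    print("mTLS server  :", describe(server_context(require_client_cert=True)))
    print("any client   :", describe(client_context()))
```
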