Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Use Server Certificate As Client Certificate

Tags:

ssl-certificate

ServerA and ServerB are the web servers. ServerA wishes to communicate with ServerB. Can ServerA use its server certificate as a client certificate during mutual authentication ?

like image 867
Asur Avatar asked Aug 01 '11 03:08

Asur

People also ask

Can a server cert be used as a client cert?

Cryptographically, you can use either as the actual client side identity of an SSL connection, but the other side (the server on that particular connection) has to accept the certificate; most people don't put the Distinguished Name of servers into the database of acceptable identities.

What is the difference between client certificate and server certificate?

Client certificates tend to be used within private organizations to authenticate requests to remote servers. Whereas server certificates are more commonly known as TLS/SSL certificates and are used to protect servers and web domains.

How does a server authenticate client certificate?

SSL-enabled client software always requires server authentication, or cryptographic validation by a client of the server's identity. The server sends the client a certificate to authenticate itself. The client uses the certificate to authenticate the identity the certificate claims to represent.

1 Answers

SSL certificates are really identities. The difference between a client certificate and a server certificate is that a client certificate identifies a person (or the software acting on their behalf) and a server certificate identifies a service (or the machine hosting that service). Cryptographically, you can use either as the actual client side identity of an SSL connection, but the other side (the server on that particular connection) has to accept the certificate; most people don't put the Distinguished Name of servers into the database of acceptable identities. There's also the Extended Key Usage constraints that might or might not be present; if present, they could enforce the separation between server and client certificates (don't hack things to ignore policy requirements, please!) but I've no idea if that will actually apply to your situation. The rules there are a bit intricate.

In short: you can do it, but is it a good idea?

like image 142
Donal Fellows Avatar answered Sep 28 '22 10:09

Donal Fellows
Sign in to Comment

Related questions

GoDaddy SSL Certificate Keystore Installation Tomcat7
Ember fastboot works with at http api host but not an https one
Error: self signed certificate Node 12 app on Heroku
IE9 how to trace "Internet explorer blocked this website from displaying content with security certificate errors."
JAVA-Android- Validating the X509Certificate Against CA Certificate(Issuer Certificate)
SSLCACertificatePath in httpd
Where are SSL certificates are stored?
On ios, in ionic hybrid app, how to bypass certificate check (using self-signed certificates)
Invalid CA certificate with self signed certificate chain
How to pass value of NODE_EXTRA_CA_CERTS to AWS Lambda deployed with Serverless?
Digital Signature for SOAP message in WCF
IIS 7.5 Client certificate authentication
How to authenticate Game Center User from 3rd party node.js server
SSL Certificate Chain differs; how to verify?
Certificate pinning in Ajax calls
Forcing https in elasticbeanstalk with certificate from ACM
SSL: 'unable to get local issuer certificate'
FTPS publish in Visual Studio fails, results in "Secure connection was closed by the remote connection end."
Detect unsecure ssl-Connection
Can I reuse SSL certificate on a local machine with the same (locally configured) URL?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!