SSL Certificates
TLS/SSL server certificate
In TLS/SSL, a server is required to present a certificate as part of the initial connection setup. A client browser connecting to that server will verify at least two things:
- The subject of the certificate matches the hostname/domain name to which the client is trying to connect.
- The certificate is signed by a trusted certificate authority.
Hostnames are listed in the Subject Alternative Name field of the certificate, though many CAs will also put a hostname in the Subject Common Name field for convenience or backwards compatibility. Certificates can be valid for multiple hostnames. Such certificates are commonly called SAN certificates or UCC certificates. If some of the hostnames contain an asterisk (*), a certificate may also be called a wildcard certificate.
A TLS server may be configured with a self-signed certificate. When that is the case, clients will generally be unable to verify the certificate, and will terminate the connection unless certificate checking is disabled.
TLS/SSL client certificate
Client certificates are less common than server certificates, and are used to authenticate the client connecting to a TLS service, for instance to provide access control. Because most services provide access to individuals, rather than devices, most client certificates contain an email address or personal name rather than a hostname. Also, because authentication is usually managed by the service provider, client certificates are not usually issued by a public CA that provides server certificates. Instead, the operator of a service that requires client certificates will generally operate their own internal CA to issue them. Client certificates are supported by many web browsers, but most services use passwords and cookies to authenticate users, instead of client certificates.
Client certificates are more common in RPC systems, where they are used to authenticate devices to ensure that only authorized devices can make certain RPC calls.
At I-SSL.com
We provide a widevarity of SSL certifcates and security solutions.