HTTPS Client Authentication


HTTPS Client Authentication requires the client computer to possess a public key certificate (PKC). If client authentication is specified, the web server authenticates the client computer using the client computer's PKC.

HTTPS Client Authentication is a more secure method of authentication than either basic or form-based authentication. HTTPS Client Authentication uses HTTP over SSL (HTTPS), in which the server authenticates the client computer using the client computer's PKC. SSL technology provides data encryption, server authentication, message integrity, and optional client authentication for a TCP/IP connection. A PKC is issued by a trusted organization, called a certificate authority (CA), and provides identification for the bearer.

When using certificate-based mutual authentication, the following actions occur:

  1. A client requests access to a protected resource.
  2. The web server presents its certificate to the client computer.
  3. The client computer verifies the server's certificate.
  4. If successful, the client computer sends its certificate to the server.
  5. The server verifies the client computer's credentials.
  6. If successful, the server grants access to the protected resource requested by the client computer.
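The exchange above run end to end, as an added example in Go that is not part of this documentation: a constructed in-memory CA issues the server and client certificates, the server is configured to require a CA-issued client certificate, and the same client is tried with and without a PKC. The names demo-ca, server and alice, and the greeting returned as the "protected resource", are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"io"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// issue mints an in-memory certificate for name, signed by parent or self-signed (a CA root) when parent is empty.
func issue(name string, eku x509.ExtKeyUsage, parent tls.Certificate) tls.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	t := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: name}, DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: parent.Leaf == nil, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, ExtKeyUsage: []x509.ExtKeyUsage{eku}}
	if parent.Leaf == nil { parent = tls.Certificate{Leaf: t, PrivateKey: priv} } // a root signs itself
	der, _ := x509.CreateCertificate(rand.Reader, t, parent.Leaf, pub, parent.PrivateKey)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv, Leaf: leaf}
}

// MutualTLS runs steps 2-6 over loopback and returns what the server served; withClientCert=false models a client with no PKC.
func MutualTLS(withClientCert bool) (string, error) {
	ca := issue("demo-ca", x509.ExtKeyUsageAny, tls.Certificate{}) // constructed demo CA, the only trust anchor on both sides
	pool := x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	// Server: presents its certificate (step 2), requires a CA-issued client certificate (step 5), then serves the resource (step 6).
	s := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		io.WriteString(w, "hello "+r.TLS.PeerCertificates[0].Subject.CommonName) // identity taken from the verified PKC
	}))
	s.TLS = &tls.Config{Certificates: []tls.Certificate{issue("server", x509.ExtKeyUsageServerAuth, ca)},
		ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool}
	s.StartTLS()
	defer s.Close()
	// Client: verifies the server against the CA (step 3) and, if it holds a PKC, sends it (step 4).
	cfg := &tls.Config{RootCAs: pool, ServerName: "server"}
	if withClientCert { cfg.Certificates = []tls.Certificate{issue("alice", x509.ExtKeyUsageClientAuth, ca)} }
	resp, err := (&http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}).Get(s.URL)
	if err != nil { return "", err } // a client with no valid PKC is rejected at the handshake, before any resource is served
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}
```

The server rejects the certificate-less client with a TLS alert rather than an HTTP error, so the request never reaches the handler; the Go server also logs that handshake failure to stderr.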
