Certificate-based authentication
Certificate-based authentication is a way of verifying the identity of a user or a server based on public key cryptography.
- uses a key pair: a public key and a private key (typically stored as files)
- public key – can be shared with anyone (ex: sent to a browser client)
- private key – is kept secret by the owner (ex: a web site)
- similar to electronic passports (which also carry a private key)
- the owner can use the private key to sign a message
- anyone who has the public key can verify that the message was signed by the owner
- authentication certificates are issued by trusted third parties, the certificate authorities (CAs)
- CAs verify the owner’s information before issuing a certificate: name, certificate details, criminal records, taxes, domain, IP
- it is commonly used with the TLS/SSL protocol (HTTPS)
- SSL uses digital signatures to establish a trust relationship between the sender and the receiver
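The flow described in the notes above (a CA signs a certificate for the server, the client verifies that certificate against a root it trusts and the host name it expects, and the server proves it holds the matching private key), as an added Go example using only the standard library. This is not code from the original notes; the CA name "Demo Root CA", the host name, and every key are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// mustCert has signer (the issuer's private key) sign tmpl; parent == tmpl means self-signed.
func mustCert(tmpl, parent *x509.Certificate, pub ed25519.PublicKey, signer ed25519.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER produced just above always parses
	return cert
}

// BuildChain plays a CA for this demo (every key is generated here, nothing real): it self-signs
// a root, then issues a server certificate that binds host to the server's public key.
func BuildChain(host string) (ca, leaf *x509.Certificate, leafKey ed25519.PrivateKey) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)     // CA private key: never leaves the CA
	leafPub, leafKey, _ := ed25519.GenerateKey(rand.Reader) // server private key: kept secret
	now := time.Now()
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Demo Root CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	ca = mustCert(caTmpl, caTmpl, caPub, caKey)
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), DNSNames: []string{host},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	leaf = mustCert(leafTmpl, ca, leafPub, caKey) // the CA's signature is what vouches for the server
	return
}

// VerifyServer is the client side: trust only ca, and require leaf to chain to it and to name host.
func VerifyServer(leaf, ca *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

// SignChallenge is the server's proof of possession: only the private key can produce a signature
// that leaf.CheckSignature(x509.PureEd25519, challenge, sig) accepts with the certificate's public key.
func SignChallenge(key ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(key, challenge)
}
```

A certificate from a different CA with the same name, a certificate for a different host, or a signature made with any other key are all rejected by these checks, which is what makes the certificate an identity rather than just a public key.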