Client authentication

Client authentication is similar to server authentication, except that the roles are reversed: the server asks the client to present a client certificate, and it is the server that verifies it.

The process of client authentication occurs on the server, as follows:

  1. The server sends a request to the client asking for the client certificate.

  2. The client sends its client certificate to the server. In TLS the client also sends a signature over the handshake, made with the private key that belongs to the certificate; this is what proves that the client holds the key rather than merely a copy of someone else's certificate.

  3. The server checks the client certificate to determine the following:

    1. Whether the client certificate was issued by a certificate authority (CA) that the server trusts. The issuer name on the client certificate must match the subject name of a CA certificate among the server's trusted certificates, and the signature on the client certificate must verify under that CA's public key. The name match alone is not sufficient, because anyone can place a trusted CA's name in the issuer field of a certificate signed with their own key; only the signature check ties the certificate to the trusted CA.

    2. Whether the client certificate is within its validity window. The server checks that the current time falls between the Not Before and Not After dates in the client certificate.

When all the security checks are satisfied, the client's identity is established and the client and server can exchange secure messages. Passing these checks shows only that the certificate is genuine and current; whether the identity it names is authorized to do anything is a separate decision that the application must make.
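The checks in step 3, as an added Go example; this is not code from the original page or from the product it documents, and it uses only Go's standard crypto/x509 package. The CA, the client certificates and the names "Example Client CA" and "alice" are constructed in-process for illustration. Besides the two listed checks, it shows why the issuer name alone is not enough: a second CA with the identical name but a different key issues a certificate that the server rejects, because the signature does not verify under the trusted CA's public key. The handshake messages of steps 1 and 2, including the client's proof that it holds the private key, are handled by the TLS library and are not reproduced here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// check aborts on setup errors; everything below is built in-process from
// constructed data, so a failure here is a bug in the example, not bad input.
func check(err error) {
	if err != nil {
		panic(err)
	}
}

// newCA builds a self-signed CA certificate and key. The name is a parameter
// so that two CAs with the same name but different keys can be created.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// issueClientCert has ca sign a client-authentication certificate (DER) for cn
// with the given validity window. The client's own key is discarded because
// only the certificate matters for the server-side checks shown here.
func issueClientCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, cn string, notBefore, notAfter time.Time) []byte {
	clientKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &clientKey.PublicKey, caKey)
	check(err)
	return der
}

// verifyClientCert is the server-side check from the text: the certificate
// must chain to a CA in roots by issuer name AND by a valid signature, be
// within its validity window at now, and be permitted for client auth.
func verifyClientCert(der []byte, roots *x509.CertPool, now time.Time) error {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	_, err = cert.Verify(x509.VerifyOptions{
		Roots:       roots,
		CurrentTime: now,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}

// runScenarios runs the check against three constructed client certificates
// and returns the verification error for each (nil means accepted).
func runScenarios() map[string]error {
	now := time.Now()
	realCA, realKey := newCA("Example Client CA")
	// An impostor CA with the same name but its own key: certificates it signs
	// carry the trusted CA's name in the issuer field, but the signature is wrong.
	fakeCA, fakeKey := newCA("Example Client CA")
	roots := x509.NewCertPool()
	roots.AddCert(realCA) // the server trusts only the real CA
	return map[string]error{
		"valid":    verifyClientCert(issueClientCert(realCA, realKey, "alice", now.Add(-time.Minute), now.Add(time.Hour)), roots, now),
		"impostor": verifyClientCert(issueClientCert(fakeCA, fakeKey, "alice", now.Add(-time.Minute), now.Add(time.Hour)), roots, now),
		"expired":  verifyClientCert(issueClientCert(realCA, realKey, "alice", now.Add(-2*time.Hour), now.Add(-time.Hour)), roots, now),
	}
}

func main() {
	for name, err := range runScenarios() {
		fmt.Printf("%-8s -> %v\n", name, err)
	}
}
```

Running it prints one line per scenario: only the valid certificate is accepted (nil error), the impostor's certificate fails with an unknown-authority error even though its issuer field reads "Example Client CA", and the expired certificate fails the validity-window check. A real server would perform these same checks through its TLS library's client-certificate verification settings rather than by calling Verify itself, and would usually add revocation checking, which this example leaves out.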

Figure 1. Client Authentication