
Client certificate authentication

The TSAPI and CVLAN Services may be configured to request a certificate from the client so that the AE Services Server can verify the client's identity. This process is known as client certificate authentication.

  1. After the client has authenticated the server's certificate, the server sends a request to the client for its certificate.

  2. The client sends its certificate to the server.

  3. The server checks the client certificate to determine the following:
    1. Whether the client certificate was issued by a certificate authority that the server trusts.

    2. Whether the client certificate is within its validity window. The server checks that the current time falls between the Not Before and Not After dates in the client certificate.

    3. Whether the client certificate can be used for client authentication. The server checks that the client certificate's Extended Key Usage field includes Client Authentication.

When all the security checks are satisfied, the client and server can exchange secure messages.
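The three checks in step 3 can be reproduced with Go's standard crypto/x509 package. This is an added example, not AE Services code: the helper names `issue` and `checkClient` are hypothetical, and the CA and client certificates are constructed in memory for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed test certificate; a nil parent yields a self-signed CA.
func issue(cn string, eku []x509.ExtKeyUsage, from, to time.Time, parent *x509.Certificate, pkey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: from, NotAfter: to, ExtKeyUsage: eku, KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, pkey = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pkey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// checkClient applies the three server-side checks. Caveat: Go's verifier
// treats a certificate with no Extended Key Usage extension as unrestricted.
func checkClient(cert *x509.Certificate, trusted *x509.CertPool, now time.Time) error {
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:       trusted,                                            // check 1: issued by a trusted CA
		CurrentTime: now,                                                // check 2: Not Before <= now <= Not After
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, // check 3: Client Authentication
	})
	return err
}

func main() {
	now, d := time.Now(), 24*time.Hour
	ca, caKey := issue("Trusted CA", nil, now.Add(-9*d), now.Add(9*d), nil, nil)
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	auth := []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	good, _ := issue("good client", auth, now.Add(-d), now.Add(d), ca, caKey)
	old, _ := issue("expired client", auth, now.Add(-3*d), now.Add(-d), ca, caKey)
	fmt.Println("good:", checkClient(good, pool, now), "| expired:", checkClient(old, pool, now))
}
```

A certificate that fails any one check is rejected with an error naming the cause (unknown authority, expired or not yet valid, or incompatible key usage), which is the detail to look for when a client cannot connect.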

Figure 1. Client Certificate Authentication