SECURITY TOPICS

Client Certificates vs. Server Certificates
What’s the Difference?

Digital certificates are everywhere.

Client or User Identity

To some, the mention of PKI or ‘Client Certificates’ may conjure up images of businesses protecting and completing their customers’ online transactions, yet such certificates are found throughout our daily lives, in any number of flavors; when we sign into a VPN; use a bank card at an ATM, or a card to gain access to a building; within Oyster public transport smart cards, for example, used in central London. These digital certificates are even found in petrol pumps, the robots on car assembly lines and even in our passports.

 

In Continental Europe and many so-called ‘emerging countries’, the use of client certificates  is particularly widespread, with governments issuing ID cards that have multiple uses, such as to pay local taxes, electricity bills and for drivers’ licenses. And the reason to see why is simple – client certificates play a vital role in ensuring people are safe on line. As the name indicates, they are used to identify a client or a user, authenticating the client to the server and establishing precisely who they are.

Client or User Identity

Encryption Protects Data During Transmission

Server or SSL Certificates perform a very similar role to Client Certificates, except the latter is used to identify the client/individual and the former authenticates the owner of the site. Server certificates typically are issued to hostnames, which could be a machine name (such as ‘XYZ-SERVER-01’) or domain name (such as ‘www.symantec.com’). A web browser reaching the server, and validates that an SSL server certificate is authentic. That tells the user that their interaction with the web site has no eavesdroppers and that the web site is exactly who it claims to be. This security is critical for electronic commerce, which is why certificates are now in such widespread use.

How do they do that? In practice, a web site operator obtains a certificate by applying to a certificate provider with a certificate signing request. This is an electronic document that contains all the essential information: web site name, contact email address and company information. The certificate provider signs the request, producing a public certificate, which is served to any web browser that connects to the web site and, crucially, proves to the web browser that the provider issued a certificate to the person he believes to be the owner of the web site. Before issuing a certificate, however, the certificate provider will request the contact email address for the web site from a public domain name registrar and check that published address against the email address supplied in the certificate request, ensuring the circle of trust has been closed.

Moreover, you can configure a web site so that any user wishing to connect is required to provide a valid client certificate, and valid user name and password. This is usually referred to as ‘two-factor authentication’ – in this instance, ’something you know’ (password) and ’something you have’ (certificate).

For those engaged in transactions on the web, certificates mean an end to anonymity and instead provide assurance that this is someone you can trust; that they are who they say they are. In an online world where our safety is being challenged constantly, such reassurance is invaluable.

LEARN MORE

Beginner's Guide to SSL/TLS

SSL/TLS Explained

Whether you are an individual or a company, you should approach online security in the same way that you would approach physical security for your home or business.


This guide will de-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.

READ BEGINNER'S GUIDE
How Does SSL/TLS Work?

How Does SSL/TLS Work? What Is An SSL/TLS Handshake?

For SSL/TLS negotiation to take place, the system administrator must prepare the minimum of 2 files: Private Key and Certificate. When requesting from a Certificate Authority such as Symantec Trust Services, an additional file must be created. This file is called Certificate Signing Request, generated from the Private Key.  

Continue Reading

FATCA Data with Symantec Secure Site SSL Certificate

FATCA Data with Symantec Secure Site SSL Certificate

The Foreign Account Tax Compliance Act (FATCA) was enacted in 2010 to improve transparency and address non-compliance by U.S. taxpayers.

This Act affects U.S. individual taxpayers with certain foreign financial accounts and offshore assets as well as foreign financial institutions with accounts held by U.S. taxpayers or U.S. financial institutions with payments to foreign entities.

Continue Reading

Renewing SSL/TLS Certificates

Renewing SSL/TLS Certificates

One of the easiest ways you can protect your visitors’ information is to make sure you renew your SSL/TLS certificates on time.


Continue Reading

USE CASES

Symantec Website Security Solutions In The Real World

Join the Community

Join Security Discussions on Symantec Connect

SYMANTEC CONNECT

Follow Threat Intelligence on Twitter @Threatintel

SYMANTEC ON TWITTER

Watch Videos on the Symantec Website Security YouTube Channel

SYMANTEC ON YOUTUBE