2. Installing the identity certificate on the server.
3. Installing the corresponding root certificate on your client or browser.
The specific tasks you need to complete will vary, depending on your environment.
1-Way SSL Authentication
This authentication method is used when a client needs assurance that it is connecting to the right server (and
not an intermediary server), making it suitable for public resources like online banking websites. Authentication
begins when a client requests access to a resource on a server. The server on which the resource resides then
sends its server certificate (also known as an SSL certificate) to the client in order to verify its identity. The
client then verifies the server certificate against another trusted object: a server root certificate, which must
be installed on the client or browser. After the server has been verified, an encrypted (and therefore secure)
communication channel is established. At this point, the server prompts for the entry of a valid username and
password in an HTML form. Entering user credentials after an SSL connection is established protects them
from being intercepted by an unauthorized party. Finally, after the username and password have been accepted,
access is granted to the resource residing on the server.
A client might need to store multiple server certificates to enable interaction with multiple servers.
Note
To determine whether you need to install a root certificate on your client, look for a lock icon in your browser’s
URL field. If you see this icon, this generally indicates that the necessary root certificate has already been
installed. This is usually the case for server certificates signed by one of the bigger Certifying Authorities
(CAs), because root certificates from these CAs are included with popular browsers.
If your client does not recognize the CA that signed a server certificate, it will indicate that the connection is
not secure. This is not necessarily a bad thing. It just indicates that the identity of the server you want to
connect has not been verified. At this point, you can do one of two things: First, you can install the necessary
root certificate on your client or browser. A lock icon in your browser’s URL field will indicate the certificate
was installed successfully. And second, you can install a self-signed certificate on your client. Unlike a root
certificate, which is signed by a trusted CA, a self-signed certificate is signed by the person or entity that
created it. While you can use a self-signed certificate to create an encrypted channel, understand that it carries
an inherent amount of risk because the identity of the server you are connected with has not been verified.
Security
2
Security
1-Way SSL Authentication