Public key certificates are commonly used for secure interaction with websites. By default, the web browser ships with a set of predefined CAs; they are used to verify that the public certificate served to a browser when you enter a secure site has actually been issued by the owner of the website. In short, if you connect your browser to https://www.abc.com and your browser doesn't give any certificate warning, you can safely interact with the entity in charge of the site. That is, unless the site or your browser has been hacked. But this is another story.
Tip: Simple authentication and client authentication

In the previous example, we have depicted a simple authentication (also called server authentication). In this scenario, the only party that needs to prove its identity is the server.

SSL, however, is also able to perform mutual authentication (also called client or two-way authentication); here the server additionally requests a client certificate during the SSL handshake over the network.

Client authentication requires a client certificate in X.509 format from a CA. The X.509 format is an industry-standard format for SSL certificates. In the next section, we will explore which tools are available to generate digital certificates and how to get your certificates signed by a CA.