Certificate-Based Mutual Authentication

In user name- and password-based mutual authentication, the following actions occur:
1. A client requests access to a protected resource.
2. The web server presents its certificate to the client.
3. The client verifies the server's certificate.
4. If successful, the client sends its user name and password to the server, which verifies the client's credentials.
5. If the verification is successful, the server grants access to the protected resource requested by the client.
Figure 30-5 shows what occurs during user name- and password-based mutual authentication.
[FIGURE 30-4 Certificate-Based Mutual Authentication. The figure shows a Client (client.keystore holding client.cert) and a Server (server.keystore holding server.cert), each with a trustStore containing the other party's certificate (server.cert and client.cert). Numbered steps: 1 the client requests the protected resource; 2 the server presents its certificate; 3 the client verifies the server's certificate; 4 the client presents its certificate; 5 the server verifies the client's certificate; 6 the client accesses the protected resource.]
Defining Security Requirements for Web Applications
Chapter 30 · Securing Web Applications