Certificate-Based Mutual Authentication
In certificate-based mutual authentication, each party holds its own certificate in a keystore and the other party's certificate in a trust store: the server has server.keystore (containing server.cert) and a trustStore containing client.cert; the client has client.keystore (containing client.cert) and a trustStore containing server.cert.
[Figure: the numbered exchange between Client and Server is (1) the client requests a protected resource; (2) the server presents its certificate; (3) the client verifies the server's certificate against its trustStore; (4) the client presents its certificate; (5) the server verifies the client's certificate against its trustStore; (6) the client accesses the protected resource.]
FIGURE 30-4 Certificate-Based Mutual Authentication
User Name- and Password-Based Mutual Authentication
In user name- and password-based mutual authentication, the following actions occur:
1. A client requests access to a protected resource.
2. The web server presents its certificate to the client.
3. The client verifies the server's certificate.
4. If successful, the client sends its user name and password to the server, which verifies the client's credentials.
5. If the verification is successful, the server grants access to the protected resource requested by the client.
The accompanying figure shows what occurs during user name- and password-based mutual authentication.
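The certificate-based exchange of Figure 30-4, written out as a runnable example that is not part of the tutorial. The tutorial configures this flow through keystore and truststore files on the application server; Go's standard library is used here instead because it can create both certificates in memory and run the handshake over a loopback socket, so nothing has to exist on disk. The names server.example and client.example, the 24-hour validity, the loopback port and the self-signed shortcut (each certificate is placed directly in the peer's trust store rather than being issued by a CA) are assumptions of the example. Each tls.Config field is commented with the keystore, trust store or numbered step of the figure it implements, and Exchange can deliberately omit step 4 or break step 3 to show which side refuses and when.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned stands in for one keystore entry of the figure (assumed name and validity).
func selfSigned(cn string, usage x509.ExtKeyUsage) tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		DNSNames:     []string{cn}, // the client's hostname check uses the SAN, not the CN
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{usage},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// runExchange plays the figure once over loopback TCP; returns the accepted client identity or the error.
func runExchange(serverCfg, clientCfg *tls.Config) (string, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", err
	}
	var acceptedCN string
	done := make(chan error, 1)
	go func() {
		raw, err := ln.Accept()
		if err != nil {
			done <- err
			return
		}
		defer raw.Close()
		srv := tls.Server(raw, serverCfg)
		if err := srv.Handshake(); err != nil { // steps 2 to 5 on the wire; step 5 rejects here
			done <- err
			return
		}
		acceptedCN = srv.ConnectionState().PeerCertificates[0].Subject.CommonName
		fmt.Fprintf(srv, "protected resource for %s\n", acceptedCN) // step 6
		done <- nil
	}()
	cli, err := tls.DialWithDialer(&net.Dialer{Timeout: 5 * time.Second}, "tcp", ln.Addr().String(), clientCfg)
	if err == nil { // step 3 passed; a TLS 1.3 server rejection only surfaces on the first read
		_, err = cli.Read(make([]byte, 64))
		cli.Close()
	}
	ln.Close() // unblocks Accept if the client never connected
	if serr := <-done; serr != nil {
		return "", serr
	}
	return acceptedCN, err
}

// Exchange wires up the keystores and trust stores of Figure 30-4; clearing a flag breaks step 4 or step 3.
func Exchange(sendClientCert, trustServer bool) (string, error) {
	serverCert := selfSigned("server.example", x509.ExtKeyUsageServerAuth)
	clientCert := selfSigned("client.example", x509.ExtKeyUsageClientAuth)
	serverTrust := x509.NewCertPool() // the server's trustStore holds client.cert
	serverTrust.AddCert(clientCert.Leaf)
	clientTrust := x509.NewCertPool() // the client's trustStore holds server.cert
	clientTrust.AddCert(serverCert.Leaf)
	serverCfg := &tls.Config{
		Certificates: []tls.Certificate{serverCert},   // server.keystore, presented at step 2
		ClientAuth:   tls.RequireAndVerifyClientCert, // step 5: verify, not merely request
		ClientCAs:    serverTrust,
	}
	clientCfg := &tls.Config{
		Certificates: []tls.Certificate{clientCert}, // client.keystore, presented at step 4
		RootCAs:      clientTrust,                   // consulted at step 3
		ServerName:   "server.example",
	}
	if !sendClientCert {
		clientCfg.Certificates = nil // step 4 omitted: the server must refuse
	}
	if !trustServer {
		clientCfg.RootCAs = x509.NewCertPool() // step 3 fails: the client aborts first
	}
	return runExchange(serverCfg, clientCfg)
}
```

Exchange(true, true) returns "client.example", the identity the server extracted from the verified client certificate. Exchange(false, true) fails because the server is configured with tls.RequireAndVerifyClientCert; the weaker tls.RequestClientCert would let the handshake complete with no client identity at all, which is the usual misconfiguration when "mutual" authentication silently degrades to server-only. Exchange(true, false) fails at step 3 on the client, before its own certificate is ever sent, and the server only sees the aborted handshake.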
Defining Security Requirements for Web Applications
Chapter 30 · Securing Web Applications
865