Differences
This shows you the differences between the selected revisions of the page.
| 2014-10-01 | 2016-01-05 | ||
| mentioning tls versions explicitly (martin) | 5.8 Bu 921 Authentication with TLS/SSL client certificates (martin) | ||
| Line 3: | Line 3: | ||
| Transport Layer Security (%%TLS%%) and its predecessor, Secure Sockets Layer (%%SSL%%), are cryptographic protocols designed to provide communication security over the Internet. They use X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom they are communicating, and to exchange a symmetric key. This session key is then used to encrypt data flowing between the parties. ((&wikipedia_ref(Transport_Layer_Security|Transport Layer Security))) | Transport Layer Security (%%TLS%%) and its predecessor, Secure Sockets Layer (%%SSL%%), are cryptographic protocols designed to provide communication security over the Internet. They use X.509 certificates and hence asymmetric cryptography to authenticate the counterparty with whom they are communicating, and to exchange a symmetric key. This session key is then used to encrypt data flowing between the parties. ((&wikipedia_ref(Transport_Layer_Security|Transport Layer Security))) | ||
| - | ===== [[certificate]] TLS/SSL Certificates ===== | + | ===== [[certificate]] TLS/SSL Server Certificates ===== |
| Much like HTTPS, but unlike [[ssh|SSH]], [[ftps|FTPS]] and [[webdav|WebDAVS]] servers must provide a public key certificate. This certificate must be signed by a certificate authority. | Much like HTTPS, but unlike [[ssh|SSH]], [[ftps|FTPS]] and [[webdav|WebDAVS]] servers must provide a public key certificate. This certificate must be signed by a certificate authority. | ||
| Line 9: | Line 9: | ||
| Learn also how to [[scripting#hostkey|accept certificate automatically in script]]. | Learn also how to [[scripting#hostkey|accept certificate automatically in script]]. | ||
| + | |||
| + | ===== [[client_certificate]] TLS/SSL Client Certificates ===== | ||
| + | The [[ftps|FTPS]] and [[webdav|WebDAVS]] servers may optionally require user to authenticate with [[ui_login_tls#authentication|a client certificate]]. | ||
| + | |||
| + | The client certificate typically needs to be signed by a certificate authority trusted by the server. | ||
| ===== Supported Cryptographic Protocols and Cipher Suites ===== | ===== Supported Cryptographic Protocols and Cipher Suites ===== | ||