PSM:CertPrompt: Difference between revisions

m
server sends to client (who else?)
(Refer to bug 511384)
m (server sends to client (who else?))
 
Line 5: Line 5:
== Current Interactions ==
== Current Interactions ==


When an SSL server requests that a client authenticate itself with a certificate, the server sends a list of the names of issuers of client certificates that are acceptable to the server.  The client is supposed to only respond with a certificate issued by one of the issuers named by the server.  The list of acceptable issuer names is part of the server's configuration.
When an SSL server requests that a client authenticate itself with a certificate, the server sends to the client a list of the names of issuers of client certificates that are acceptable to the server.  The client is supposed to only respond with a certificate issued by one of the issuers named by the server.  The list of acceptable issuer names is part of the server's configuration.


With some server products, when the server requests client authentication, it will require that the client successfully authenticate itself with an acceptable certificate, or else the SSL connection will be terminated.  Some server products may alternatively be configured to request, but not require, a client certificate.  Server thus configured will allow the SSL connection to continue, even if the client has no certificate or its certificate is not valid.  
With some server products, when the server requests client authentication, it will require that the client successfully authenticate itself with an acceptable certificate, or else the SSL connection will be terminated.  Some server products may alternatively be configured to request, but not require, a client certificate.  Server thus configured will allow the SSL connection to continue, even if the client has no certificate or its certificate is not valid.  
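
Review bot: the changed sentence in the first paragraph now reads "the server sends to the client a list of the names of issuers", which is clearer about direction but awkward; "sends the client a list of the names of issuers" says the same thing more directly. The unchanged last sentence of the second paragraph, "Server thus configured will allow the SSL connection to continue", still needs the plural "Servers" and could be fixed in the same edit. The first paragraph also says the client is supposed to respond only with a certificate from a listed issuer but not what it does when it holds none, which is the case the second paragraph's request-but-not-require behaviour depends on.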