lil

Reputation: 344

Is a CA certificate the same as a client certificate?

If not, how can I get a client certificate? If yes, how can I use it as a client certificate?

Sorry for the dumb question.

Thanks in advance.

Upvotes: 5

Views: 9611

Answers (1)

jondinham

Reputation: 8511

Server certs and client certs are just certs; they only have different properties. Everyone in the certification tree (including the end-users and certificate issuers) has a certificate, usually an X509 certificate.

The certification authorities are on a tree structure (the depth of the tree is not fixed):

Root certification authority of a country (level 0)
  Certification authority 1 (level 1)
    Certification authority 1.1 (level 2)
      End-user 1.1.1 
      End-user 1.1.2
      ...
    Certification authority 1.2 (level 2)
    ... 
  Certification authority 2 (level 1)
  ...

The certificate of an end-user is signed by the certification authority at the leaf of the tree. Each certification authority also has a certificate, which is signed by the parent certification authority.

The certificate of the root certification authority (level 0) is signed by this root CA itself.

Take one example: certification authority A has a child certification authority B, and certification authority B issues a cert for end-user C.

For this example: the cert that B is holding and the cert that C is holding are different. B's cert is signed by A; C's cert is signed by B. And these certs are definitely different also, because the contents of the certs are different.

And regarding how to get a certificate, there are 2 ways: (1) find a certification authority and buy a cert from them, (2) use certificate generation software to create your own cert. However, a cert issued by a CA has validity by law; one generated by yourself can't be used to sign anything legally, and thus a cert generated by yourself can be used as a test cert only.

A certificate file (.cer, .p12, etc.) can be imported into a browser; for the Chrome browser: open 'Settings' --> 'Advanced' --> 'HTTPS/SSL' --> 'Manage certificates' --> 'Import'. A .cer file is an X509 certificate (no private key); a .p12 file is a PKCS12 certificate (containing a private key). Not all certificates are trusted by the browser; only those certs issued by a CA in a certification tree whose root CA is known to the browser are trusted.

Upvotes: 4
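
An added example, not part of the original answer: it uses the openssl command line as the "certificate generation software" to build a throwaway root CA and a client certificate signed by it, then prints each certificate's subject and issuer and checks whether it is accepted for TLS client authentication. All names and file names are constructed, and the extension values chosen for the CA and for the client are this example's assumptions about the "different properties" the answer mentions.

```shell
#!/bin/sh
# Added example: throwaway test CA + client certificate (all names constructed).
make_test_pki() {                       # $1 = existing output directory
    out=$1
    cat > "$out/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Test Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    cat > "$out/client.ext" <<'EOF'
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = clientAuth
EOF
    # Root CA: self-signed, so its issuer equals its subject.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$out/ca.cnf" \
        -keyout "$out/ca.key" -out "$out/ca.crt" 2>/dev/null || return 1
    # Client: its own key pair and CSR; the certificate is signed with the CA key.
    openssl req -new -newkey rsa:2048 -nodes -config "$out/ca.cnf" \
        -subj "/CN=example-client" \
        -keyout "$out/client.key" -out "$out/client.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$out/client.csr" -days 30 -extfile "$out/client.ext" \
        -CA "$out/ca.crt" -CAkey "$out/ca.key" -CAcreateserial \
        -out "$out/client.crt" 2>/dev/null
}

# Print the subject or issuer ($2) of certificate file $1 without the "name=" prefix.
cert_field() {
    openssl x509 -in "$1" -noout -nameopt RFC2253 "-$2" | sed 's/^[a-z]*= *//'
}

# True only if cert $2 chains to CA $1 and is acceptable for TLS client authentication.
usable_as_client() {
    openssl verify -CAfile "$1" -purpose sslclient "$2" >/dev/null 2>&1
}

PKI=$(mktemp -d) || exit 1
trap 'rm -rf "$PKI"' EXIT               # test keys are disposable
make_test_pki "$PKI" || exit 1
for c in ca client; do
    echo "$c: subject=$(cert_field "$PKI/$c.crt" subject) issuer=$(cert_field "$PKI/$c.crt" issuer)"
    usable_as_client "$PKI/ca.crt" "$PKI/$c.crt" && echo "  accepted as client cert" \
        || echo "  rejected as client cert"
done
```

The CA certificate is rejected for client use because its key usage only allows signing certificates and CRLs; the client certificate is accepted because it chains to the CA and carries the clientAuth extended key usage.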
