Asur

Reputation: 2057

Use Server Certificate As Client Certificate

ServerA and ServerB are the web servers. ServerA wishes to communicate with ServerB. Can ServerA use its server certificate as a client certificate during mutual authentication?

Upvotes: 6

Views: 8688

Answers (1)

Donal Fellows

Reputation: 137557

SSL certificates are really identities. The difference between a client certificate and a server certificate is that a client certificate identifies a person (or the software acting on their behalf) and a server certificate identifies a service (or the machine hosting that service). Cryptographically, you can use either as the actual client side identity of an SSL connection, but the other side (the server on that particular connection) has to accept the certificate; most people don't put the Distinguished Name of servers into the database of acceptable identities. There's also the Extended Key Usage constraints that might or might not be present; if present, they could enforce the separation between server and client certificates (don't hack things to ignore policy requirements, please!) but I've no idea if that will actually apply to your situation. The rules there are a bit intricate.

In short: you can do it, but is it a good idea?

Upvotes: 8
