Appendix B. Introduction to Public-Key Cryptography
| Certificate Type | Use |
|---|---|
| Client SSL certificates | Used for client authentication to servers over SSL. Typically, the identity of the client is assumed to be the same as the identity of a person, such as an employee. See Section B.4.2.2, "Certificate-Based Authentication" for a description of the way SSL client certificates are used for client authentication. Client SSL certificates can also be used as part of single sign-on. |
| Server SSL certificates | Used for server authentication to clients over SSL. Server authentication may be used without client authentication. Server authentication is required for an encrypted SSL session. For more information, see Section B.4.3.2, "SSL". |
| S/MIME certificates | Used for signed and encrypted email. As with SSL client certificates, the identity of the client is assumed to be the same as the identity of a person, such as an employee. A single certificate may be used as both an S/MIME certificate and an SSL certificate; see Section B.4.3.3, "Signed and Encrypted Email". S/MIME certificates can also be used as part of single sign-on. |
| CA certificates | Used to identify CAs. Client and server software use CA certificates to determine what other certificates can be trusted. For more information, see Section B.4.6, "How CA Certificates Establish Trust". |

Table B.1. Common Certificates

B.4.3.2. SSL
The Secure Sockets Layer (SSL) protocol governs server authentication, client authentication, and
encrypted communication between servers and clients. SSL is widely used on the Internet, especially
for interactions that involve exchanging confidential information such as credit card numbers.
SSL requires an SSL server certificate. As part of the initial SSL handshake, the server presents
its certificate to the client to authenticate the server's identity. The authentication uses public-key
encryption and digital signatures to confirm that the server is the server it claims to be. Once the
server has been authenticated, the client and server use symmetric-key encryption, which is very fast,
to encrypt all the information exchanged for the remainder of the session and to detect any tampering.
Servers may be configured to require client authentication as well as server authentication. In this
case, after server authentication is successfully completed, the client must also present its certificate
to the server to authenticate the client's identity before the encrypted SSL session can be established.
For an overview of client authentication over SSL and how it differs from password-based
authentication, see Section B.4.2, "Authentication Confirms an Identity".
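The two authentication modes described in the SSL section, shown as an added example using Python's standard ssl module (not code from the Certificate System manual). The function names and the certificate, key and CA file parameters are hypothetical; when a path is omitted nothing is loaded, so the settings can be inspected offline.

```python
import ssl

def make_server_context(require_client_cert, certfile=None, keyfile=None, client_ca=None):
    """Server side: presents its own certificate; optionally demands one from the client."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if certfile:  # hypothetical path to the server SSL certificate
        ctx.load_cert_chain(certfile, keyfile)
    if require_client_cert:
        # The handshake fails unless the client presents a certificate
        # that chains to a CA certificate trusted by this context.
        ctx.verify_mode = ssl.CERT_REQUIRED
        if client_ca:  # hypothetical path to the CA that issues client certificates
            ctx.load_verify_locations(cafile=client_ca)
    return ctx

def make_client_context(cafile=None, certfile=None, keyfile=None):
    """Client side: always authenticates the server; may carry a client SSL certificate."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    if certfile:  # only needed when the server requires client authentication
        ctx.load_cert_chain(certfile, keyfile)
    return ctx

def audit(ctx, role):
    """List the ways a context fails to enforce the authentication described above."""
    findings = []
    if role == "client":
        if ctx.verify_mode != ssl.CERT_REQUIRED:
            findings.append("server certificate is not verified")
        if not ctx.check_hostname:
            findings.append("server name is not checked against the certificate")
    elif role == "mutual-server":
        if ctx.verify_mode == ssl.CERT_NONE:
            findings.append("client certificate is never requested")
        elif ctx.verify_mode == ssl.CERT_OPTIONAL:
            findings.append("client certificate is optional; anonymous clients are accepted")
    return findings

if __name__ == "__main__":
    # Constructed misconfiguration: a client that skips server authentication.
    weak = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    weak.check_hostname = False
    weak.verify_mode = ssl.CERT_NONE
    print("weak client:", audit(weak, "client"))
    print("default client:", audit(make_client_context(), "client"))
    print("server without client auth:", audit(make_server_context(False), "mutual-server"))
```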