Netscape MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR Administrator's Manual page 804

The SSL Handshake
In the case of client authentication, the client encrypts some random data with
the client's private key—that is, it creates a digital signature. The public key in
the client's certificate can correctly validate the digital signature only if the
corresponding private key was used. Otherwise, the server cannot validate the
digital signature and the session is terminated.
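The check described above, as an added Go example that is not part of the Netscape manual: the server validates the client's signature with the public key taken from the presented certificate, so a party that presents the same certificate but holds a different private key is rejected. The Ed25519 algorithm, the self-signed sample certificate and the names newClient, clientSign and serverVerify are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newClient returns a private key and a DER self-signed certificate (constructed sample identity).
func newClient() (ed25519.PrivateKey, []byte) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "sample-client"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	return priv, der
}

// clientSign is the client side: sign the random data with the private key.
func clientSign(priv ed25519.PrivateKey, random []byte) []byte {
	return ed25519.Sign(priv, random)
}

// serverVerify is the server side: false means the session is terminated.
func serverVerify(certDER, random, sig []byte) bool {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return false
	}
	pub, ok := cert.PublicKey.(ed25519.PublicKey) // only the certificate's key is trusted
	return ok && ed25519.Verify(pub, random, sig)
}

func main() {
	random := make([]byte, 32)
	rand.Read(random)
	priv, certDER := newClient()
	other, _ := newClient() // a key pair that does not match certDER
	fmt.Println(serverVerify(certDER, random, clientSign(priv, random)))
	fmt.Println(serverVerify(certDER, random, clientSign(other, random)))
}
```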

The sections that follow provide more details on server authentication and client
authentication.

Server Authentication
Netscape's SSL-enabled client software always requires server authentication, or
cryptographic validation by a client of the server's identity. As explained in Step 2
of "The SSL Handshake," which begins on page 802, the server sends the client a
certificate to authenticate itself. The client uses the certificate in Step 3 to
authenticate the identity the certificate claims to represent.

To authenticate the binding between a public key and the server identified by the
certificate that contains the public key, an SSL-enabled client must receive a "yes"
answer to the four questions shown in Figure K-2. Although the fourth question is
not technically part of the SSL protocol, it is the client's responsibility to support
this requirement, which provides some assurance of the server's identity and thus
helps protect against a form of security attack known as "man in the middle."
Managing Servers with Netscape Console • December 2001