Certificate-based authentication

is a way of verifying the identity of a user or a server based on public key cryptography.

• uses a public and a private key (files)
• public key – can be shared with anyone (ex: browser client)
• private key – is kept secret by the owner (ex: web site)
• similar to electronic passports (they have a private key)
• the owner can use the private key to sign a message
• anyone who has the public key can verify that the message was signed by the owner
• authentication certificates are issued by trusted authorities (certificate authorities (CAs))
• CAs verify the owner’s information, name, certificate details, criminal records, taxes, domain, IP
• It is common to use with TLS/SSL protocol (HTTPS)
• SSL uses digital signatures to establish a trust relationship between the sender and receiver