Digital certificates and SSL

For using SSL, does the client side need to have a digital certificate (X.509v3)? If so, then why can I access

secure Web sites from my computer that seemingly does not have a certificate? If it is not needed, then how does the client send its public key across to the secure server?

No, you do not need a certificate to use SSL. If you have one, it can be used to authenticate you to the server, but if you don't, then some other mechanism (like a password) can be used.

When you set up an SSL connection, usually, a Diffie-Hellman key exchange is done, but each side can actually negotiate how it is done.

You can find all the rules for how this is done in RFC 2246, the IETF standardization of SSL called Transport Layer Security. You can find this at http://www.ietf.org/rfc/rfc2246.txt.

For more information on this topic, visit these other SearchSecurity.com resources:
Ask the Expert: Finding the answers to specific SSL questions
News & Analysis: OpenSSL expert details flaws

This was first published in September 2002

Dig deeper on PKI and Digital Certificates



Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: