For using SSL, does the client side need to have a digital certificate (X.509v3)? If so, then why can I access...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
secure Web sites from my computer that seemingly does not have a certificate? If it is not needed, then how does the client send its public key across to the secure server?
No, you do not need a certificate to use SSL. If you have one, it can be used to authenticate you to the server, but if you don't, then some other mechanism (like a password) can be used.
When you set up an SSL connection, usually, a Diffie-Hellman key exchange is done, but each side can actually negotiate how it is done.
For more information on this topic, visit these other SearchSecurity.com resources:
Ask the Expert: Finding the answers to specific SSL questions
News & Analysis: OpenSSL expert details flaws
Dig Deeper on PKI and Digital Certificates
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.