Problem solve Get help with specific problems with your technologies, process and projects.

Digital certificates and SSL

For using SSL, does the client side need to have a digital certificate (X.509v3)? If so, then why can I access secure Web sites from my computer that seemingly does not have a certificate? If it is not needed, then how does the client send its public key across to the secure server?

No, you do not need a certificate to use SSL. If you have one, it can be used to authenticate you to the server, but if you don't, then some other mechanism (like a password) can be used.

When you set up an SSL connection, usually, a Diffie-Hellman key exchange is done, but each side can actually negotiate how it is done.

You can find all the rules for how this is done in RFC 2246, the IETF standardization of SSL called Transport Layer Security. You can find this at http://www.ietf.org/rfc/rfc2246.txt.

For more information on this topic, visit these other SearchSecurity.com resources:
Ask the Expert: Finding the answers to specific SSL questions
News & Analysis: OpenSSL expert details flaws

This was last published in September 2002

Dig Deeper on PKI and digital certificates

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.