
When sending a request to a server, if mutual authentication is needed, the server always gives me a .p12 or .pfx file, which contains a client certificate and a client private key.

In my understanding, the mutual authentication process only requires the client to send its certificate to the server, and verifying the server's certificate does not need a client private key. So why can't they just send me a certificate? Or is there something I'm missing?

chendw2401
    You do need the private key. It's used in the SSL/TLS handshake to sign a challenge. This is the only way you can prove that you're the rightful holder of the client certificate (which itself is public). – Robby Cornelissen Dec 15 '20 at 03:46
  • That makes sense, thanks, it helps me a lot to understand the process – chendw2401 Dec 16 '20 at 03:39

0 Answers
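The comment's point, that the private key is what lets the client prove it is the rightful holder of the certificate, as an added example (not from the question or its comments): it assumes the `cryptography` package and simulates the CertificateVerify signature over a handshake transcript rather than opening a real TLS connection; the certificate, password and transcript are constructed values.

```python
# Added example: simulates the TLS CertificateVerify step to show why the client
# needs the private key from the .p12. Requires `cryptography`; values constructed.
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.serialization import pkcs12
from cryptography.x509.oid import NameOID

PASSWORD = b"constructed-p12-password"  # constructed sample value


def make_client_p12() -> bytes:
    """Issue a self-signed client cert and bundle it with its key as a .p12."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "example-client")])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name).issuer_name(name).public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=1))
        .sign(key, hashes.SHA256())
    )
    return pkcs12.serialize_key_and_certificates(
        b"client", key, cert, None, serialization.BestAvailableEncryption(PASSWORD))


def client_certificate_verify(p12: bytes, transcript: bytes) -> tuple:
    """Client side: unpack the .p12 and sign the handshake transcript with the
    private key (what TLS sends as CertificateVerify). Returns (cert PEM, sig)."""
    key, cert, _ = pkcs12.load_key_and_certificates(p12, PASSWORD)
    sig = key.sign(transcript, padding.PKCS1v15(), hashes.SHA256())
    return cert.public_bytes(serialization.Encoding.PEM), sig


def server_checks_proof(cert_pem: bytes, transcript: bytes, sig: bytes) -> bool:
    """Server side: the certificate is public, so only a valid signature over
    the transcript proves the peer holds the matching private key."""
    pub = x509.load_pem_x509_certificate(cert_pem).public_key()
    try:
        pub.verify(sig, transcript, padding.PKCS1v15(), hashes.SHA256())
        return True
    except InvalidSignature:
        return False


def impostor_with_cert_only(transcript: bytes) -> bytes:
    """Someone holding only the certificate has to sign with some other key."""
    other = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return other.sign(transcript, padding.PKCS1v15(), hashes.SHA256())
```

The server never needs the client's private key; it only needs the public key inside the certificate to check the signature, which is why the bundle the client receives must contain both parts.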