Hitachi

uCosminexus Application Server Security Management Guide


7.2.1 The authentication functionality of the Web server

The Web server provides server authentication and client authentication functionality.

Server authentication

Server authentication involves the browser generating random number data (the pre-master secret), encrypting it with the public key contained in the server's key exchange certificate, and sending it to the server, which decrypts it with the private key that corresponds to that certificate.

Only the server that holds the private key matching the key exchange certificate can decrypt the data, so the handshake is established only if the server demonstrates possession of that key, that is, only if the client recognizes the server as legitimate. In this type of key exchange the server does not apply an electronic signature; its possession of the private key is shown implicitly by completing the handshake. It is therefore possible, and advisable, to reconfirm the server's legitimacy after the handshake is established by checking the certificate itself (the CA that issued it, its validity period, and the host name it was issued for).

Client authentication

Client authentication involves the server sending random number data to the browser, which applies an electronic signature to the data with its private key and returns the signature to the server together with the electronic signature certificate installed in the browser.

Because only the holder of the private key can produce a signature that verifies with the public key in the certificate, the signature shows the server that the browser possesses the private key associated with that certificate. The server must additionally verify that the certificate itself chains to a CA it trusts; otherwise any client could present a self-issued certificate and a matching signature.
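The two exchanges above, server authentication by RSA key exchange and client authentication by a signed challenge, modelled in code as an added illustration. This is not Cosminexus code and not a real SSL implementation: it substitutes textbook RSA over freshly generated 256-bit primes and SHA-256/HMAC for the real certificates, PKCS#1 padding and handshake PRF, and the key size, transcript string and function names are assumptions made for the illustration. It also runs each exchange against a party holding the wrong private key, to show that the handshake (Finished check) and the signature check fail in that case.

```python
"""Toy model of SSL server and client authentication (illustration only).

Added example, not from the Cosminexus guide. Textbook RSA with small keys
and no padding stands in for the real certificate operations; never use it
for real traffic.
"""
import hashlib
import hmac
import secrets

PRIME_BITS = 256  # assumed toy size; real keys are 2048 bits or more
TRANSCRIPT = b"ClientHello|ServerHello|Certificate"  # assumed handshake transcript


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test with a little trial division first."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # full width, odd
        if _is_probable_prime(cand):
            return cand


def generate_keypair():
    """Return (public, private) as ((n, e), (n, d)); models a certificate's key pair."""
    e = 65537
    while True:
        p, q = _random_prime(PRIME_BITS), _random_prime(PRIME_BITS)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this is gcd(e, phi) == 1
            break
    n = p * q
    return (n, e), (n, pow(e, -1, phi))


def _i2b(x: int, n: int) -> bytes:
    return x.to_bytes((n.bit_length() + 7) // 8, "big")


def _b2i(b: bytes) -> int:
    return int.from_bytes(b, "big")


# --- Server authentication: RSA key exchange, no server signature -------------

def client_key_exchange(server_pub):
    """Browser: pick a random pre-master secret and encrypt it to the public key
    taken from the server's key exchange certificate."""
    n, e = server_pub
    pre_master = secrets.token_bytes(32)
    return pre_master, _i2b(pow(_b2i(pre_master), e, n), n)


def server_key_exchange(server_priv, encrypted: bytes) -> bytes:
    """Server: recover the pre-master secret with its private key.
    A wrong key yields garbage rather than an error, as in real RSA decryption."""
    n, d = server_priv
    return _i2b(pow(_b2i(encrypted), d, n), n)[-32:]


def finished(pre_master: bytes, transcript: bytes) -> bytes:
    """Finished message: MAC over the transcript keyed by the shared secret.
    Only a party that knows the secret can produce it, which is what proves
    the server holds the private key."""
    return hmac.new(pre_master, transcript, hashlib.sha256).digest()


def server_authentication(server_pub, server_priv, transcript: bytes = TRANSCRIPT) -> bool:
    """Run the exchange; True if the browser accepts the server's Finished."""
    pre_master, encrypted = client_key_exchange(server_pub)
    recovered = server_key_exchange(server_priv, encrypted)
    return hmac.compare_digest(finished(recovered, transcript), finished(pre_master, transcript))


# --- Client authentication: signature over the server's random data -----------

def sign_challenge(client_priv, challenge: bytes) -> bytes:
    """Browser: sign a hash of the server's random data with its private key."""
    n, d = client_priv
    return _i2b(pow(_b2i(hashlib.sha256(challenge).digest()), d, n), n)


def verify_challenge(client_pub, challenge: bytes, signature: bytes) -> bool:
    """Server: verify with the public key from the client's signature certificate."""
    n, e = client_pub
    return pow(_b2i(signature), e, n) == _b2i(hashlib.sha256(challenge).digest())


def client_authentication(client_pub, client_priv) -> bool:
    challenge = secrets.token_bytes(32)  # the server's random number data
    return verify_challenge(client_pub, challenge, sign_challenge(client_priv, challenge))


if __name__ == "__main__":
    srv_pub, srv_priv = generate_keypair()
    cli_pub, cli_priv = generate_keypair()
    _, wrong_priv = generate_keypair()  # an impostor without the certificate's key
    print("genuine server:", server_authentication(srv_pub, srv_priv))
    print("impostor server:", server_authentication(srv_pub, wrong_priv))
    print("genuine client:", client_authentication(cli_pub, cli_priv))
    print("impostor client:", client_authentication(cli_pub, wrong_priv))
```

Note what the model does not check: the Finished comparison and the signature verification only prove possession of the private key belonging to whichever public key was presented. Deciding whether that public key belongs to the party it claims to be is the job of certificate validation (trusted CA, validity period, host name), which is the separate check the text recommends after the handshake.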

Note that before using the SSL-related functionality described here, you must configure SSL on the Web server, which must be either Cosminexus HTTP Server or Microsoft IIS. For details on how to do this, see the relevant subsections that follow.