A browser connecting to the secure server will use the SSL protocol to connect and verify the server’s certificate. However, customers can also use Mutual Authentication to have both the client and server use signed certificates to authenticate each other. With Mutual Authentication, both client and server will provide signed certificates for verification.
How Mutual Authentication Works
Client sends ClientHello message proposing SSL options.
- Server responds with ServerHello message selecting the SSL options.
- Server sends Certificate message, which contains the server's certificate.
- Server requests client's certificate in CertificateRequest message, so that the connection can be mutually authenticated.
- Server concludes its part of the negotiation with ServerHelloDone message.
- Client responds with Certificate message, which contains the client's certificate.
- Client sends session key information (encrypted with server's public key) in ClientKeyExchangemessage.
- Client sends a CertificateVerify message to let the server know it owns the sent certificate.
- Client sends ChangeCipherSpec message to activate the negotiated options for all future messages it will send.
- Client sends Finished message to let the server check the newly activated options.
- Server sends ChangeCipherSpec message to activate the negotiated options for all future messages it will send.
- Server sends Finished message to let the client check the newly activated options.
How the Client and Server Accomplish Each of the Checks for Client Authentication
Digital Signature: The client sends a "Certificate Verify" message that contains a digitally signed copy of the previous handshake message. This message is signed using the client certificate's private key. The server can validate the message digest of the digital signature by using the client's public key (which is found in the client certificate). Once the digital signature is validated, the server knows that the public key belonging to the client matches the private key used to create the signature.
Certificate Chain: The server maintains a list of trusted Client Authorities (CAs), and this list determines which certificates the server will accept. The server will use the public key from the CA certificate (which it has in its list of trusted CAs) to validate the CA's digital signature on the certificate being presented. If the message digest has changed or if the public key does not correspond to the CA's private key used to sign the certificate, the verification fails and the handshake terminates.
Expiration Date and Validity Period: The server compares the current date to the validity period listed in the certificate. If the expiration date has not passed and the current date is within the period, then this check succeeds. If it is not, then the verification fails and the handshake terminates.
Certificate Revocation Status: The server compares the client certificate to the list of revoked certificates on the system. If the client certificate is on the list, the verification fails and the handshake terminates.
Verify the Client Certificate with auth-root
Run the following command to verify the client certificate:
openssl verify -purpose sslclient -CAfile auth-root.crt testcert.crt
Test Connection with Client Cert
Run the following command to test the connection with the client:
openssl s_client -servername example.com -connect example.com:443 -key client-cert.key -cert client-cert.crt
Below is an example of two-way SSL authentication on the BIG-IP system and how to configure mutual or two-way (mutual) authentication using a Client SSL profile to protect application traffic.
Using one-way authentication, clients perform SSL handshakes when initiating a new connection with SSL protected applications. During the SSL handshake, the protected application sends its public SSL certificate to the remote client for validation. The remote client validates the application's public SSL certificate by searching for the signing Certificate Authority (CA) certificate in its trusted CA store. If the remote client is unable to validate or find the signing CA for the public SSL certificate, it should not complete the SSL handshake and abandon the new connection attempt.
Two-way authentication is a less popular method for protecting application traffic as it requires an additional layer of security. When using two-way authentication, clients perform a slightly modified SSL handshake when initiating a new connection with SSL-protected applications. During the modified SSL handshake, the protected application sends its public SSL certificate to the remote client for validation and requests that the remote client sends its Client SSL certificate for validation as well. Both the remote client and protected application validate the SSL certificates they receive by searching for the signing CA certificates in their respective trusted CA stores. If the remote client or the protected application is unable to validate the received SSL certificate, they should not complete the SSL handshake and abandon the new connection attempt.