Key differences between X509 TLS Client certificate and server certificate



  • Is there any difference between an X509 TLS client cert and a server cert?

    I had been implementing certificate-based mutual authentication and hence trying to get/use certificates for IoT devices. While we are pretty clear on server certificates, I was wondering if the client certificates that individual IoT devices will load and present to the server for their authentication are the same as, or similar to, what is used for a server.

    Will client certs also be acquired from a CA and then validated by the server via the root CA cert, in the same way a server cert is validated against the root CA?



  • Structurally, client and server certs are the same. Both will need keyUsage: digitalSignature and will contain the same type of RSA or ECDSA key. They chain to an intermediate and root CA via Issuer and AIA fields in exactly the same way as server certs. They handle revocation via CRL or OCSP in exactly the same way as server certs.

    However, depending on the enforcement / authorization rules in your server, you may need to put different metadata in the client certs. For example:

    • Server certs almost always have a SubjectAltName of type dNSName matching the public domain name at which the server can be reached. This makes absolutely no sense for a client. Often instead you see a serialNumber DN component, or one of the less common SAN types.
    • Your server may be configured to require client certs to have the extendedKeyUsage: id-kp-clientAuth.
    • Your server may enforce groups, privileges or access controls based on policy OIDs or other custom v3 extensions.

    Again, these are all "may" type items and will depend on how you've built your server; though I do recommend that you think about having some kind of access control rather than blindly accept any cert from your root CA.
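To make the answer's point concrete, here is an added example (not the answerer's code and not taken from any project) that uses the openssl command line to build a throwaway root CA, one server certificate and one IoT device client certificate carrying exactly the differences listed above: a dNSName SAN plus serverAuth EKU on the server side, a serialNumber DN component plus clientAuth EKU on the device side. It then runs `openssl verify -purpose` to show that chaining to the root is identical for both, and that the purpose (keyUsage/EKU) check is what separates them. The host name iot-gateway.example, the device serial DEVICE-0001 and the file layout under a temp directory are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the original answer. It builds a throwaway
# root CA, one server certificate and one IoT client certificate with openssl,
# then shows how the same chain validation gives different results once a
# purpose (client vs server) is enforced. "iot-gateway.example" and
# "DEVICE-0001" are made-up placeholder values.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# One config file: a minimal [req] section plus one extension section per role.
write_config() {
  cat > "$WORK/ext.cnf" <<'EOF'
[req]
distinguished_name = req_dn

[req_dn]

# Root CA: must assert CA:TRUE and be allowed to sign certificates and CRLs.
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign

# Server cert: dNSName SAN for the name clients connect to, serverAuth EKU.
[server_ext]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:iot-gateway.example

# Client (device) cert: a dNSName makes no sense here; the device identity is
# a serialNumber DN component and the cert is restricted to clientAuth.
[client_ext]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = clientAuth
EOF
}

# Generate an ECDSA P-256 key for role $1 and have the CA sign a certificate
# for subject $2 using the [$1_ext] section above.
issue_cert() {
  role="$1"; subject="$2"
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/$role.key"
  openssl req -new -key "$WORK/$role.key" -subj "$subject" \
    -config "$WORK/ext.cnf" -out "$WORK/$role.csr"
  openssl x509 -req -in "$WORK/$role.csr" \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial -days 30 \
    -extfile "$WORK/ext.cnf" -extensions "${role}_ext" -out "$WORK/$role.crt"
}

build_pki() {
  write_config
  openssl ecparam -name prime256v1 -genkey -noout -out "$WORK/ca.key"
  openssl req -new -x509 -key "$WORK/ca.key" -subj "/CN=Example IoT Root CA" \
    -config "$WORK/ext.cnf" -extensions ca_ext -days 60 -out "$WORK/ca.crt"
  issue_cert server "/CN=iot-gateway.example"
  issue_cert client "/O=Example IoT/serialNumber=DEVICE-0001"
}

# Succeeds only if $WORK/$1.crt chains to the CA *and* its keyUsage/EKU allow
# purpose $2 ("sslclient" or "sslserver"); this is the extra check a server
# applies when it requires id-kp-clientAuth on presented client certificates.
verify_for() {
  openssl verify -CAfile "$WORK/ca.crt" -purpose "$2" "$WORK/$1.crt" >/dev/null 2>&1
}

# Print the identity-bearing fields so the structural difference is visible.
show_identity() {
  openssl x509 -in "$WORK/$1.crt" -noout -subject -ext subjectAltName,extendedKeyUsage
}

build_pki
show_identity server
show_identity client
verify_for client sslclient && echo "client cert accepted as TLS client"
verify_for server sslserver && echo "server cert accepted as TLS server"
verify_for server sslclient || echo "server cert rejected as TLS client (EKU is serverAuth)"
verify_for client sslserver || echo "client cert rejected as TLS server (EKU is clientAuth)"
```

The two "rejected" lines are the point: both leaf certificates pass plain chain validation against the same root, so an IoT server that only checks the chain would accept the server certificate (or any other leaf from that CA) as a client identity. Enforcing `-purpose sslclient`, or the equivalent EKU check in your TLS stack, is the minimum access control the answer recommends; mapping the serialNumber (or a policy OID) to a device record is the next step.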


