Certificate-based authentication is a cryptographic technique that allows one computer to securely identify itself to another across a network connection, using a document called a public-key certificate.
Authentication using certificates is a feature of many internet security protocols, including the near-universal SSL/TLS, commonly used by web browsers to authenticate online transactions. However, while most SSL/TLS uses involve servers confirming their identities to client machines, the term certificate-based authentication usually denotes a situation where that scenario is reversed: an end user’s device sends a certificate to prove its identity so the user can gain access to server or network resources.
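As an added, self-contained illustration of the reversed direction just described (this is example code written for this page, not code from the original article), the following Go program builds a small PKI in memory and runs the TLS handshake over loopback. Every name in it is constructed for the demo: the CA "Example Corp Root CA", the server name server.example, the client alice (issued by that CA) and the client bob (issued by an unrelated CA). It goes slightly beyond the text by exercising both directions at once: the client verifies the server's certificate, and the server requires and verifies the client's.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err) // setup failures abort the demo; handshake verdicts are returned, not panicked
	}
}

// newCert generates a P-256 key and an X.509 certificate for it. With a nil issuer the certificate is a
// self-signed root CA; otherwise the issuer's key signs it, which is what lets a verifier chain it to that CA.
func newCert(cn string, eku x509.ExtKeyUsage, issuer *x509.Certificate, issuerKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // constructed; a real CA issues unique random serials
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
	}
	parent, signKey := tmpl, key // self-signed unless an issuer is given
	if issuer == nil {
		tmpl.IsCA = true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		parent, signKey = issuer, issuerKey
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{eku} // server or client credential
		tmpl.DNSNames = []string{cn}               // the name a TLS client checks a server against
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// credential packages a certificate and its private key the way crypto/tls expects.
func credential(cert *x509.Certificate, key *ecdsa.PrivateKey) *tls.Certificate {
	return &tls.Certificate{Certificate: [][]byte{cert.Raw}, PrivateKey: key}
}

// authenticate runs one TLS handshake over loopback. The server demands a client certificate chaining to
// trustedCA (the reversed direction the article describes); the client checks the server against the same
// CA. It returns the CommonName the server authenticated, or the error that denied access.
func authenticate(trustedCA *x509.Certificate, server, client *tls.Certificate) (string, error) {
	pool := x509.NewCertPool()
	pool.AddCert(trustedCA)
	serverCfg := &tls.Config{Certificates: []tls.Certificate{*server}, ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool, MinVersion: tls.VersionTLS12}
	clientCfg := &tls.Config{RootCAs: pool, ServerName: "server.example", MinVersion: tls.VersionTLS12}
	if client != nil { // always offer the configured certificate, so the server's verification decides
		clientCfg.GetClientCertificate = func(*tls.CertificateRequestInfo) (*tls.Certificate, error) { return client, nil }
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	check(err)
	defer ln.Close()
	var peerCN string
	srvErr := make(chan error, 1)
	go func() {
		raw, err := ln.Accept()
		check(err)
		defer raw.Close()
		raw.SetDeadline(time.Now().Add(5 * time.Second)) // bounds the handshake if the peer stalls
		conn := tls.Server(raw, serverCfg)
		if err = conn.Handshake(); err == nil { // the verified identity exists only after a completed handshake
			peerCN = conn.ConnectionState().PeerCertificates[0].Subject.CommonName
		}
		srvErr <- err
	}()
	raw, err := net.Dial("tcp", ln.Addr().String())
	check(err)
	defer raw.Close()
	clientErr := tls.Client(raw, clientCfg).Handshake()
	if err := <-srvErr; err != nil { // under TLS 1.3 a rejected client certificate surfaces only here
		return "", fmt.Errorf("server rejected client: %w", err)
	}
	return peerCN, clientErr // non-nil only if the client rejected the server's certificate
}

func main() {
	ca, caKey := newCert("Example Corp Root CA", 0, nil, nil)
	server := credential(newCert("server.example", x509.ExtKeyUsageServerAuth, ca, caKey))
	otherCA, otherKey := newCert("Unrelated CA", 0, nil, nil)
	clients := map[string]*tls.Certificate{
		"alice (trusted CA)":  credential(newCert("alice", x509.ExtKeyUsageClientAuth, ca, caKey)),
		"anonymous (no cert)": nil,
		"bob (unrelated CA)":  credential(newCert("bob", x509.ExtKeyUsageClientAuth, otherCA, otherKey)),
	}
	for name, cert := range clients {
		cn, err := authenticate(ca, server, cert)
		fmt.Printf("%-22s cn=%q err=%v\n", name, cn, err)
	}
}
```

Run it with `go run`: alice is granted access and the server learns her identity from the certificate's subject, the anonymous client is refused because `RequireAndVerifyClientCert` will not complete a handshake without a certificate, and bob is refused although he presents a perfectly well-formed certificate, because it does not chain to a CA in the server's `ClientCAs` pool. The `GetClientCertificate` override is there because Go's client would otherwise quietly decline to send a certificate whose issuer the server did not advertise, which would hide the server-side verification that this example is meant to show.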
Benefit of cert-based authentication
Because public-key cryptography is considered very secure, certificate-based authentication is often used to complement password-based authentication, in essence providing two-factor authentication without requiring the end user to fiddle with a security key fob or receive a code on their cell phone. Certificate-based authentication is integrated into many corporate networking and network-security tools, like Microsoft’s Active Directory and Cisco’s ISE.
In this article, we’ll give you a high-level view of how certificate-based authentication works. First, we’ll offer a brief introduction to public-key cryptography, and then we’ll step through the process of a specific certificate-based authentication example.