What is 2-way SSL and the difference between one and two way
I've been setting up SSL certificates for a while (standard SSL and wildcards), but now I need to set up some two-way SSL certificates. I'm not asking that someone should explain all about what the differences between one and two-way SSL are, but does someone have a great/good guide that explains what it is and maybe how to set it up? It's going to be used with Apache. All help is appreciated as always.
Thank you for spending your time answering, but did you really think that I didn't google first? Do I always have to type in the first post that I have been googling? I see that there are some very minimal explanations of what two-way SSL (yes, there are a lot more, but that's pretty much on regular SSL or two-way with use in app. servers) is in the results (and yes, I've tried several search terms) and that won't give me a full understanding of it.. but I could probably use that.. but the problem is that I can't find any _good_ guide or a guide at all about how to set up two-way SSL from scratch. I mean, do you order it the same way as a regular standard SSL certificate.. and if you have to order it like a regular certificate.. where do you go from there.. what's different.. I'm kinda looking for a guide that _explains_ and wants you to _understand_
Well, you said you wanted some guides, so I pointed you to some guides... Within Apache it's pretty trivial to configure a client-side certificate requirement... There's no specific "two way" setup, it's just multiple things which work in isolation from each other. Again, another guide which seems to cover it all off pretty well... http://blogs.ittoolbox.com/security/...ificates-11500 Do you have specific questions here?
Yeah, well, thanks for the link, but in the comments on that page they say that the article contains several errors, and I don't understand what this has to do with "two-way SSL" since he seems to only be talking about regular SSL stuff.
- I am again asking this question since it hasn't been answered and this was what I was wondering (see topic of the thread).. what is the difference between a regular and a two-way certificate?
- When setting up a two-way certificate, do you then buy a regular certificate at fex. Thawte and install that?
- Are a regular SSL certificate and a two-way certificate only different when it comes to fex. the configuration of Apache?
- Could you explain why someone would want a two-way certificate compared to a regular one?
What two-way certificates are seems to be covered poorly pretty much everywhere.
OK, getting threads crossed... I read the title, but your thread then said "I'm not asking for someone to explain the differences..."
There is no such thing as a two-way SSL certificate. There are two certificates involved, but they are essentially separate. It's only the overall solution and concept that is two-way. Within the raw config there are two isolated parts: server-side SSL and client-side SSL. If I may, I think the reason for your view that the documentation of this is vague is that, as above, in itself it's not a real thing, just a combination of things. And I've not heard of "fex" before... who's or what's that?
In terms of motivation, it's about knowing who your client is to a certain level. Where I work we have a wholesale ISP to whom we report ADSL faults. In order for us to access the site at all we need to provide them with one of their signed certificates in order to prove that we are who we say we are to a given level of confidence. This goes well against the logic of something like a public IP being allowed access. Often a private website online will only allow known customer IP addresses to connect to them, but that can be a horrible mess to administer, so instead they can say to customers like us that when we go to their site we must provide them with a valid certificate that they trust, irrespective of where they are. Many, many other examples of course, but that's one I deal with every day. It's also very common for clustered systems, SOAP/XML interchanges happening over Apache, to require both parties involved to require a certificate to ensure mutual trust.
When it comes to what "fex" means, it's just a short name for the words "for example".
So if I understand you correctly, then you have a server that is secured with a regular certificate and you have the client that must use a certificate to authenticate against the server, right? If what I'm saying here is true, then what kind of certificate is used by the client: is it a self-signed certificate or a certificate bought from a certificate authority (CA)? ..And how do you authenticate to the server using your client certificate, do you have the certificate installed in the browser..
It's whatever certificate is deemed suitable for the situation. Note that there's nothing special about a Thawte certificate in terms of technology; they were simply given implicit trust by much of the security industry. Who's to say you are any less honest than them? Maybe you are the one to say that, in which case your systems are free to be configured to accept your signed certificates as well as (or maybe even instead of) commercially signed ones.
Yes, you tend to get a popup box saying that the server is requesting a certificate and wants you to choose which one to send it. If you have no certificate, it'll usually just fail silently with a server error.
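The two isolated parts described in the replies above (server-side SSL plus a client certificate requirement), sketched as an Apache mod_ssl configuration. This is an added example, not part of the original thread; the host names and file paths are placeholders, and client-ca.crt is assumed to hold whichever CA you decide to trust for clients, commercial or your own.

```apache
# Added illustration. Host names and all file paths are placeholders.

# One-way SSL: only the server proves its identity.
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    # Server-side part: the certificate and key the server presents.
    SSLCertificateFile    /etc/ssl/example/server.crt
    SSLCertificateKeyFile /etc/ssl/example/server.key
    # Default behaviour, written out: no client certificate is requested.
    SSLVerifyClient none
</VirtualHost>

# Two-way SSL: the same server-side part, plus a client-side requirement.
<VirtualHost *:443>
    ServerName partners.example.com
    SSLEngine on
    # Server-side part is unchanged. Nothing about this certificate is
    # "two-way"; it can be the same kind you already order today.
    SSLCertificateFile    /etc/ssl/example/server.crt
    SSLCertificateKeyFile /etc/ssl/example/server.key

    # Client-side part: the handshake fails unless the client presents
    # a certificate that chains to a CA listed in SSLCACertificateFile.
    SSLVerifyClient require
    # Depth 1: the client certificate must be signed by a CA that is
    # directly present in the file below (no intermediate CAs).
    SSLVerifyDepth 1
    # The CA(s) trusted for CLIENT certificates. Keep this list narrow:
    # every CA in it can issue a certificate that gets a client in.
    SSLCACertificateFile /etc/ssl/example/client-ca.crt

    # Export SSL_CLIENT_* variables (for example SSL_CLIENT_S_DN) so the
    # application and the logs can record which client connected.
    SSLOptions +StdEnvVars
</VirtualHost>
```

On the client, the certificate and its private key are imported into the browser or HTTP client, which is what produces the certificate selection prompt mentioned above.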