: What is "SSL Server-Client Authentication"? In comparing different SSL certificates I see "Server-Client Authentication" listed as a benefit of a paid certificate over a free one. (see it here)

@Frith620

Server program should have access to the server certificate, which contains the server's identity, private key and public key.

In the handshake process, the server will extract the server's public certificate and send it to the client site.

From the client side, the client program should be able to authenticate the server's identity .Server authentication seems to be always required to their site.

Vote Up Vote Down

@Eichhorn148

The conext sensitive help on the StartSSL website states:


Combined Server and Client Authentication support with SSL/TLS server certificates


This appears to be a feature related to requiring your users to have personal security certificates installed in their web browser. From webadmns.blogspot.com/:

If you enable client authentication, the server validates clients by checking for trusted certificate authority, Known as CA root certificates in the local key database. To enable client authentication, you need to use SSLClientAuth directive.

... The server requires a valid certificate from all clients and returns a 403 status code if no certificate is present.


A friend of mine started a company called CryoKey that lets you generate a personal certificate that gets installed in your web browser. This type of certificate would be the type used for both client and server authentication.

Vote Up Vote Down