Server: Send optional certificate request

If the server wants to use authentication by client certificate

Send down the certificate request The server sends down

What certificate types it supports
What signature algorithms it supports in preferred order – so it can check the certificate sent to it
A list of the “certificate authority” certificates from the trust store. This can include self signed certificates

The client has logic like

For each signature algorithm in the list, in turn
.. For each certificate authority certificate
…. if the trust store has an entry matching the signature algorithm and the keystore; and the entry has a private certificate
…. Then use it
Else return “empty” – no certificate match the keystore.

*** CertificateRequest Cert Types: RSA, DSS ECDSA Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA,… Cert Authorities: These are the certificate authorities (or self signed certificates) They were listed at server start up in the initial section >CN=ECBPECC, OU=EC, O=ZZZZ< >CN=SSCA8, OU=CA, O=SSS, C=GB< >CN=TEMP4Certification Authority, OU=TEST, O=TEMP< >CN=CA_BPECC, OU=TEST, O=TEMP< >CN=TEMP4Certification Authorit2, OU=TEST, O=TEMP< >CN=SS, O=SSS, C=GB< *** ServerHelloDone It has finished the processing, send the data and wait for the reply <

Share this:

Like this: