Public-key certificates

Public-key certificates provide a method to identify and authenticate clients and servers on the Internet. They are administered and issued by a third party known as a certification authority (CA). A subject (an individual, a system, or another entity on the network) uses a program to generate a key pair and submits the public key to the CA along with identifying information (such as name, organization, e-mail address, and so on). This submission is known as a certificate request. The CA responds by issuing a digitally signed certificate. A digital signature is a block of data created with the signer's private key (here, the CA's), which anyone holding the matching public key can verify.

The CA's signature ties the certificate owner to the public key within the certificate. The subject then uses the certificate, along with his private key, to establish his identity. Once this is done, whomever the subject is communicating with knows that a third party has vouched for his identity.

The process requires these steps:

  1. Use the set-certificate script located in the bin subdirectory of your EAServer installation to map a user name to a certificate. These are the only client certificates that EAServer 6.0 trusts.

  2. The client supplies its certificate and negotiates a secure connection with the server.
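The following shell script is an added illustration, not part of the EAServer documentation, and does not use the set-certificate script (whose options are not described here). It walks the flow above with the openssl command line: a throwaway CA, a constructed subject name, a certificate request, CA signing, and verification, plus the two checks a server performs before trusting a client certificate (signature by a trusted CA, and possession of the matching private key).

```shell
#!/bin/sh
# Added example using the openssl CLI (assumed to be installed).
# The CA name, subject name, and key sizes are constructed for the demo.
set -eu

# Create a CA, a subject key pair and certificate request, sign the
# request with the CA key, and verify the result. Work dir is $1.
# Returns 0 when the issued certificate verifies against the CA.
issue_and_verify() {
  dir="$1"
  mkdir -p "$dir"
  # Step 1: the CA's own key pair and self-signed root certificate.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Example Test CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" >/dev/null 2>&1
  # Step 2: the subject generates a key pair and a certificate request
  # carrying its public key plus identifying information.
  openssl req -new -newkey rsa:2048 -nodes \
    -subj "/CN=jsmith/O=Example Org/emailAddress=jsmith@example.invalid" \
    -keyout "$dir/subject.key" -out "$dir/subject.csr" >/dev/null 2>&1
  # Step 3: the CA signs the request with its private key; the signature
  # binds the subject's identity to the public key in the certificate.
  openssl x509 -req -in "$dir/subject.csr" \
    -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -days 30 -out "$dir/subject.crt" >/dev/null 2>&1
  # Step 4: anyone holding the CA certificate can check that signature.
  openssl verify -CAfile "$dir/ca.crt" "$dir/subject.crt" >/dev/null 2>&1
}

# Possession check: the presented private key must match the public key
# inside the certificate. Compares the two public keys in PEM form.
key_matches_cert() {
  dir="$1"
  from_cert=$(openssl x509 -in "$dir/subject.crt" -noout -pubkey)
  from_key=$(openssl pkey -in "$dir/subject.key" -pubout)
  [ "$from_cert" = "$from_key" ]
}

# Negative case: a certificate signed by some other CA must be rejected,
# exactly as a server trusts only certificates from the CAs it was told
# to trust. Returns 0 when verification against the other CA fails.
rejects_untrusted_ca() {
  dir="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Unrelated CA" \
    -keyout "$dir/other.key" -out "$dir/other.crt" >/dev/null 2>&1
  ! openssl verify -CAfile "$dir/other.crt" "$dir/subject.crt" >/dev/null 2>&1
}
```

Run `issue_and_verify /tmp/certdemo` and then the two check functions on the same directory; a failing exit status from any of them is the signal a server would act on.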