Certificate-Based Authentication

When TLS is configured for certificate-based authentication, it uses signed certificates to guarantee the identity of communicating peers, and a negotiated master key for encrypting and decrypting the data. The certificate and its associated key make it possible to support a wide range of encryption ciphers.

When correctly configured, certificates provide much better security than pre-shared keys.

You can create your own certificates or purchase certificates from a Certificate Authority (CA). When creating your own certificates, you can use simple self-signed certificates or you can act as CA yourself and issue certificates for your own use.

To enable certificate-based encryption, configure the TLS connector for server verification using the verify_server connector option. Optionally, you can configure client verification using the verify_client connector option.

Note: All certificates and keys must be in PEM format.
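
A pre-flight check for the PEM requirement above, written for this page as an added example (it is not part of the product or its documentation). It tells PEM text apart from binary DER and lists the PEM block labels it finds. The names classify, to_pem and SAMPLE_DER are hypothetical, and the sample bytes are constructed rather than taken from a real certificate.

```python
import base64
import binascii
import re

# RFC 7468 textual encoding: BEGIN line, base64 body, END line with the same label.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def to_pem(label: str, der: bytes) -> bytes:
    """Wrap DER bytes in PEM armor (used here to build the constructed samples)."""
    body = base64.encodebytes(der).decode("ascii")
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n".encode("ascii")

def classify(data: bytes):
    """Return ("pem", [labels]), ("der", []) or ("invalid", [reason])."""
    # Certificates and keys are ASN.1 SEQUENCEs, so raw DER starts with 0x30;
    # a PEM file starts with '-' or explanatory text instead.
    if data[:1] == b"\x30":
        return ("der", [])
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return ("invalid", ["neither ASCII PEM text nor a DER SEQUENCE"])
    labels = []
    for match in PEM_BLOCK.finditer(text):
        label = match.group(1)
        body = match.group(2).replace("\r\n", "\n")
        # Legacy encrypted keys put "Proc-Type:"/"DEK-Info:" headers and a blank
        # line before the base64 body; the payload is then ciphertext, not DER.
        has_headers = ":" in body.split("\n", 1)[0]
        if has_headers:
            body = body.partition("\n\n")[2]
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error:
            return ("invalid", [f"{label}: body is not valid base64"])
        if not has_headers and der[:1] != b"\x30":
            return ("invalid", [f"{label}: payload is not a DER SEQUENCE"])
        labels.append(label)
    if not labels:
        return ("invalid", ["no PEM block found"])
    return ("pem", labels)

# Constructed sample: SEQUENCE { INTEGER 1 }, not a real certificate or key.
SAMPLE_DER = bytes.fromhex("3003020101")

if __name__ == "__main__":
    bundle = to_pem("CERTIFICATE", SAMPLE_DER) + to_pem("PRIVATE KEY", SAMPLE_DER)
    for name, blob in [("bundle.pem", bundle), ("cert.der", SAMPLE_DER)]:
        print(name, classify(blob))
```

A "der" result means the file has to be converted to PEM before the connector can use it. The check covers encoding only and does not validate the certificate itself.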
