Client Certificate

From MgmtWiki

Full Title or Meme

A Certificate that is created to identify the client in a client-server environment.

Context

Mutual Authentication, or mTLS, is a mode of TLS in which both sides of the connection hold certificates that are presented and evaluated during the TLS handshake.

Problem

Password-based security in many organizations is a problem. Sure, part of this stems from employees practicing poor password hygiene (such as creating weak passwords or sharing their credentials with colleagues). However, a large part of it comes from employers practicing poor access management. 2021 data from Keeper Security and Pollfish shows that 32% of their 1,000 survey respondents say they’ve accessed accounts belonging to their former employers.

Solutions

Certificate-based authentication allows users to log in to various systems without typing in a traditional username and password. Instead, the user’s browser (i.e., their client) automatically logs them in using a digital certificate (and a PKI key pair — more on that later) that’s saved on their individual computer or device. This method of authentication allows authorized users to access everything from specific files and services to your network and other IT systems.

Digital certificates are files that serve as your ID card in the digital world. Much like how your government-issued driver’s license or ID card identifies you in an official capacity, these certificates do the same for you on the internet. And much like how your driver’s license has a unique letter-number combo that represents you, every digital certificate has unique characteristics that differentiate it from others.

These certificates are the essential and trusted elements of public key infrastructure (PKI — which we’ll talk more about later). They’re trusted because they require a reputable and publicly trusted third party (known as a certification authority, certificate authority, or simply a “CA”) to verify your identity prior to issuing the certificate.
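The following Go program is an added example, not part of this wiki page, that ties together the mTLS handshake from the Context section and the CA-issued certificates described above: a hypothetical root CA (Example Corp Root CA) issues a server certificate and a client certificate, and a loopback TLS server configured for mutual authentication identifies a CA-issued client by the CommonName in its certificate, while a client with no certificate, or with one from an unrelated issuer, is turned away during the handshake. The host name intranet.example and the user alice@example.com are constructed values.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"io"
	"math/big"
	"time"
)
// Issue mints a certificate for cn: a self-signed CA root when parent is nil, otherwise one signed by parent.
func Issue(cn string, parent *tls.Certificate) tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // errors are ignored for brevity: demo only
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: parent == nil, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
		DNSNames:    []string{"intranet.example"}, // SAN the client checks on the server certificate (hypothetical host)
	}
	if parent == nil { parent = &tls.Certificate{Leaf: tmpl, PrivateKey: key} } // the root signs itself
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent.Leaf, pub, parent.PrivateKey)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// HandshakeCN runs one mTLS exchange over loopback: the server trusts only certificates issued by ca, demands one from the client and answers with the CommonName it verified; the client returns that answer, or the error (under TLS 1.3 a rejected client learns of it only on its first read).
func HandshakeCN(ca *x509.Certificate, serverCert tls.Certificate, clientCerts ...tls.Certificate) (string, error) {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{serverCert},
		ClientCAs: pool, ClientAuth: tls.RequireAndVerifyClientCert}) // the mTLS switch: no valid client cert, no session
	if err != nil { return "", err }
	defer ln.Close()
	go func() {
		if c, err := ln.Accept(); err == nil {
			defer c.Close()
			tc := c.(*tls.Conn)
			if tc.Handshake() == nil { // fails when the client certificate is missing or was not issued by ca
				tc.Write([]byte(tc.ConnectionState().PeerCertificates[0].Subject.CommonName))
			}
		}
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{RootCAs: pool, ServerName: "intranet.example", Certificates: clientCerts})
	if err != nil { return "", err }
	defer conn.Close()
	reply, err := io.ReadAll(conn) // the alert from a server that rejected the client surfaces here
	return string(reply), err
}
```

Calling `HandshakeCN(ca.Leaf, server, alice)` yields the verified CommonName, while `HandshakeCN(ca.Leaf, server)` (no client certificate) or a certificate chained to a different root returns a TLS alert as the error.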

Scaling your network securely and setting up remote access for a bunch of employees can be tricky and time-consuming under normal circumstances. The onset of the COVID-19 global pandemic last spring, which forced businesses to close their offices and millions of employees to work from home remotely, made this even more of a critical issue for IT admins across the globe. And even now, a year later, businesses are still trying to roll out better and more secure user access methods.

And considering how often employees don’t follow password safety best practices, you sometimes need to take the initiative to shore up your defenses through other means. Of course, opting to use a client authentication certificate may not be a good fit for all situations. But it can come in handy in many circumstances — particularly for larger organizations.

References