What is a client certificate?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



A very ignorant question, sans doute.

I get my certificates from cacert.org, to whom I am very grateful.
I follow what I take to be the official procedure,
first creating <server>.key and <server>.csr on my server
and then getting <server>.crt by going to Server Certificate=>New
at the cacert site.

I then place the key certficate *.key in /etc/pki/tls/private/
and what I call the client certificate *.crt in /etc/pki/tls/certs/ .

But I notice that there at www.cacert.org there is 
a Client Certificate folder as well as the Server Certificate folder,
and it seems that one can create a "client certificate" there.

My quesion is: what is the purpose of this second client certificate?

And while I am on the topic, what are the recommended file permissions
for PKI certificates?
I was a little surprised to find my <server>.key has permission 640,
while <server>.crt has permission 644.
The folder /etc/pki/tls/private/ on my server
does not seem to have any special security;
it is owned by root but can be opened and listed by anybody.
Is that the recommended setup?

-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
School of Mathematics, Trinity College, Dublin 2, Ireland


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux