What is transport layer SSL (server certificate) and REST layer SSL (client certificate)?

I am struggling with the certificates.

What is a server certificate and a client certificate?
What is the difference?
How does it work?

Is it the common way to make a web application secure?

I have a little knowledge about the network layer.
But I have no idea why we have to make 2 kinds of certificates for security.

It is a somewhat large subject. I would recommend you go over the SSL/TLS protocols; for example, Networking 101: Transport Layer Security (TLS) - High Performance Browser Networking (O'Reilly) is a good introduction on the matter.

1 Like

Thank you for your reply, and the link!
Before I start to read it,
can you tell me whether they are different, or are they just used on different layers?

SSL is deprecated at this moment; TLS is recommended to be used in its place, but they serve the same purpose and conceptually are very close.

I know that. What I want to know is the reason why we have to create 2 certificates: the server certificate and the client certificate.
Shouldn’t we just use 1 certificate?

opendistro-for-elasticsearch ssl-config-template: on this page, you can see the 2 options for it.

```yaml
#############################################################################################
# Transport layer SSL
#############################################################################################
# Enable or disable node-to-node ssl encryption (default: true)
#opendistro_security.ssl.transport.enabled: false

#############################################################################################
# HTTP/REST layer SSL
#############################################################################################
# Enable or disable rest layer security - https, (default: false)
#opendistro_security.ssl.http.enabled: true
```

Oh sorry, so basically the client/server certificates are mandatory for Transport layer SSL (and client is optional for REST layer SSL). The official documentation TLS Certificates - Open Distro for Elasticsearch Documentation gives you some indications why both may be needed. In general, it establishes trust between server and client.
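
To make the two layers concrete, here is an `elasticsearch.yml` fragment added as an illustration (it is not from the thread or copied from the project's template). The file names and the DN are placeholders; the setting names are Open Distro security plugin options.

```yaml
# Added example. File names and the DN below are placeholders.

# Transport layer: node-to-node traffic (port 9300 by default).
# Each node accepts connections from its peers AND opens connections to them,
# so its certificate is presented in the server role and in the client role.
# Both sides are always verified here, which is why certificates are mandatory.
opendistro_security.ssl.transport.enabled: true
opendistro_security.ssl.transport.pemcert_filepath: node1.pem            # placeholder
opendistro_security.ssl.transport.pemkey_filepath: node1-key.pem         # placeholder
opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem    # placeholder
opendistro_security.ssl.transport.enforce_hostname_verification: true
# Only peers whose certificate subject is listed here are treated as cluster nodes.
opendistro_security.nodes_dn:
  - "CN=node1.example.com,OU=Example,O=Example,C=US"                     # constructed DN

# HTTP/REST layer: browsers, Kibana, curl, applications (port 9200 by default).
# The node presents a server certificate so the client can verify it is
# talking to the real cluster and the connection is encrypted.
opendistro_security.ssl.http.enabled: true
opendistro_security.ssl.http.pemcert_filepath: node1-http.pem            # placeholder
opendistro_security.ssl.http.pemkey_filepath: node1-http-key.pem         # placeholder
opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem         # placeholder
# Whether the client must present its own certificate in return:
#   NONE     - server certificate only; clients log in with username/password
#   OPTIONAL - a client certificate is verified if one is sent
#   REQUIRE  - connections without a valid client certificate are rejected
opendistro_security.ssl.http.clientauth_mode: OPTIONAL
```

A server certificate proves the node's identity to whoever connects; a client certificate proves the connecting party's identity to the node. On the transport layer every node plays both roles, so both are needed; on the REST layer the second one depends on `clientauth_mode`.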

I didn’t fully understand it yet. I’ll read it. Thank you! :smiley: