A digital certificate obtained for a client application (such as a Web browser) that can be used by the client to digitally sign data it transmits. Client certificates can be used to enable client machine authentication for the purpose of secure communication over the Internet using the Secure Sockets Layer (SSL) protocol.
A client obtains a certificate from a certificate authority (CA) by submitting a certificate request file. The CA responds by issuing a client certificate, which contains the client’s identification information in encrypted form, along with the client’s public key. The client certificate must then be installed on the client’s Web browser.
Microsoft Internet Explorer can import client certificates into the browser’s certificate store using the Personal button on the Content tab of the Internet Options dialog box. Administrators can also use the Internet Explorer Administration Kit (IEAK) for preconfiguring client certificates prior to installation on user computers.
Importing a client certificate in the Internet Explorer Properties dialog box
In SSL communication, a Web server can validate the identity of a client using the certificate installed on the client. With Internet Information Server (IIS) version 4, client certificates can be mapped to Microsoft Windows NT user accounts by way of a process called certificate mapping. (Windows 2000 supports a similar feature in its Internet Information Services.) Certificate mapping makes it easier for administrators to control access to content located on the Web server.
Use client certificates when it is important for servers to validate the identity of clients—for example, when your enterprise includes mobile users with laptops who need to remotely and securely access the company’s intranet server using Internet Explorer.