Mutual Authentication using Certificates – Cryptography & Payments
<!doctype html> <html lang="en"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <link rel="profile" href="https://gmpg.org/xfn/11" /> <title>Mutual Authentication using Certificates – Cryptography & Payments</title> <script type="text/javascript"> WebFontConfig = {"google":{"families":["Source+Sans+Pro:r,i,b,bi:latin,latin-ext"]},"api_url":"https:\/\/fonts-api.wp.com\/css"}; (function() { var wf = document.createElement('script'); wf.src = 'https://s0.wp.com/wp-content/plugins/custom-fonts/js/webfont.js'; wf.type = 'text/javascript'; wf.async = 'true'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(wf, s); })(); </script><style id="jetpack-custom-fonts-css"></style> <meta name='robots' content='max-image-preview:large' /> <meta name="google-site-verification" content="Zw5b22p04kGoy8Ch3FcgAxEamB26jLd3FALtlnOF6RA" /> <!-- Async WordPress.com Remote Login --> <script id="wpcom_remote_login_js"> var wpcom_remote_login_extra_auth = ''; function wpcom_remote_login_remove_dom_node_id( element_id ) { var dom_node = document.getElementById( element_id ); if ( dom_node ) { dom_node.parentNode.removeChild( dom_node ); } } function wpcom_remote_login_remove_dom_node_classes( class_name ) { var dom_nodes = document.querySelectorAll( '.' 
+ class_name ); for ( var i = 0; i < dom_nodes.length; i++ ) { dom_nodes[ i ].parentNode.removeChild( dom_nodes[ i ] ); } } function wpcom_remote_login_final_cleanup() { wpcom_remote_login_remove_dom_node_classes( "wpcom_remote_login_msg" ); wpcom_remote_login_remove_dom_node_id( "wpcom_remote_login_key" ); wpcom_remote_login_remove_dom_node_id( "wpcom_remote_login_validate" ); wpcom_remote_login_remove_dom_node_id( "wpcom_remote_login_js" ); wpcom_remote_login_remove_dom_node_id( "wpcom_request_access_iframe" ); wpcom_remote_login_remove_dom_node_id( "wpcom_request_access_styles" ); } // Watch for messages back from the remote login window.addEventListener( "message", function( e ) { if ( e.origin === "https://r-login.wordpress.com" ) { var data = {}; try { data = JSON.parse( e.data ); } catch( e ) { wpcom_remote_login_final_cleanup(); return; } if ( data.msg === 'LOGIN' ) { // Clean up the login check iframe wpcom_remote_login_remove_dom_node_id( "wpcom_remote_login_key" ); var id_regex = new RegExp( /^[0-9]+$/ ); var token_regex = new RegExp( /^.*|.*|.*$/ ); if ( token_regex.test( data.token ) && id_regex.test( data.wpcomid ) ) { // We have everything we need to ask for a login var script = document.createElement( "script" ); script.setAttribute( "id", "wpcom_remote_login_validate" ); script.src = '/remote-login.php?wpcom_remote_login=validate' + '&wpcomid=' + data.wpcomid + '&token=' + encodeURIComponent( data.token ) + '&host=' + window.location.protocol + '//' + window.location.hostname + '&postid=216' + '&is_singular=1'; document.body.appendChild( script ); } return; } // Safari ITP, not logged in, so redirect if ( data.msg === 'LOGIN-REDIRECT' ) { window.location = 'https://wordpress.com/log-in?redirect_to=' + window.location.href; return; } // Safari ITP, storage access failed, remove the request if ( data.msg === 'LOGIN-REMOVE' ) { var css_zap = 'html { -webkit-transition: margin-top 1s; transition: margin-top 1s; } /* 9001 */ html { margin-top: 0 
!important; } * html body { margin-top: 0 !important; } @media screen and ( max-width: 782px ) { html { margin-top: 0 !important; } * html body { margin-top: 0 !important; } }'; var style_zap = document.createElement( 'style' ); style_zap.type = 'text/css'; style_zap.appendChild( document.createTextNode( css_zap ) ); document.body.appendChild( style_zap ); var e = document.getElementById( 'wpcom_request_access_iframe' ); e.parentNode.removeChild( e ); document.cookie = 'wordpress_com_login_access=denied; path=/; max-age=31536000'; return; } // Safari ITP if ( data.msg === 'REQUEST_ACCESS' ) { console.log( 'request access: safari' ); // Check ITP iframe enable/disable knob if ( wpcom_remote_login_extra_auth !== 'safari_itp_iframe' ) { return; } // If we are in a "private window" there is no ITP. var private_window = false; try { var opendb = window.openDatabase( null, null, null, null ); } catch( e ) { private_window = true; } if ( private_window ) { console.log( 'private window' ); return; } var iframe = document.createElement( 'iframe' ); iframe.id = 'wpcom_request_access_iframe'; iframe.setAttribute( 'scrolling', 'no' ); iframe.setAttribute( 'sandbox', 'allow-storage-access-by-user-activation allow-scripts allow-same-origin allow-top-navigation-by-user-activation' ); iframe.src = 'https://r-login.wordpress.com/remote-login.php?wpcom_remote_login=request_access&origin=' + encodeURIComponent( data.origin ) + '&wpcomid=' + encodeURIComponent( data.wpcomid ); var css = 'html { -webkit-transition: margin-top 1s; transition: margin-top 1s; } /* 9001 */ html { margin-top: 46px !important; } * html body { margin-top: 46px !important; } @media screen and ( max-width: 660px ) { html { margin-top: 71px !important; } * html body { margin-top: 71px !important; } #wpcom_request_access_iframe { display: block; height: 71px !important; } } #wpcom_request_access_iframe { border: 0px; height: 46px; position: fixed; top: 0; left: 0; width: 100%; min-width: 100%; z-index: 99999; 
background: #23282d; } '; var style = document.createElement( 'style' ); style.type = 'text/css'; style.id = 'wpcom_request_access_styles'; style.appendChild( document.createTextNode( css ) ); document.body.appendChild( style ); document.body.appendChild( iframe ); } if ( data.msg === 'DONE' ) { wpcom_remote_login_final_cleanup(); } } }, false ); // Inject the remote login iframe after the page has had a chance to load // more critical resources window.addEventListener( "DOMContentLoaded", function( e ) { var iframe = document.createElement( "iframe" ); iframe.style.display = "none"; iframe.setAttribute( "scrolling", "no" ); iframe.setAttribute( "id", "wpcom_remote_login_key" ); iframe.src = "https://r-login.wordpress.com/remote-login.php" + "?wpcom_remote_login=key" + "&origin=aHR0cHM6Ly9hcnRodXJ2YW5kZXJtZXJ3ZS5jb20%3D" + "&wpcomid=70204527" + "&time=1732381786"; document.body.appendChild( iframe ); }, false ); </script> <link rel='dns-prefetch' href='//s1.wp.com' /> <link rel='dns-prefetch' href='//s0.wp.com' /> <link rel='dns-prefetch' href='//s2.wp.com' /> <link rel='dns-prefetch' href='//widgets.wp.com' /> <link rel='dns-prefetch' href='//fonts-api.wp.com' /> <link rel='dns-prefetch' href='//s.pubmine.com' /> <link rel='dns-prefetch' href='//x.bidswitch.net' /> <link rel='dns-prefetch' href='//static.criteo.net' /> <link rel='dns-prefetch' href='//ib.adnxs.com' /> <link rel='dns-prefetch' href='//aax.amazon-adsystem.com' /> <link rel='dns-prefetch' href='//bidder.criteo.com' /> <link rel='dns-prefetch' href='//cas.criteo.com' /> <link rel='dns-prefetch' href='//gum.criteo.com' /> <link rel='dns-prefetch' href='//ads.pubmatic.com' /> <link rel='dns-prefetch' href='//gads.pubmatic.com' /> <link rel='dns-prefetch' href='//tpc.googlesyndication.com' /> <link rel='dns-prefetch' href='//ad.doubleclick.net' /> <link rel='dns-prefetch' href='//googleads.g.doubleclick.net' /> <link rel='dns-prefetch' href='//www.googletagservices.com' /> <link rel='dns-prefetch' 
href='//cdn.switchadhub.com' /> <link rel='dns-prefetch' href='//delivery.g.switchadhub.com' /> <link rel='dns-prefetch' href='//delivery.swid.switchadhub.com' /> <link rel='dns-prefetch' href='//a.teads.tv' /> <link rel='dns-prefetch' href='//prebid.media.net' /> <link rel='dns-prefetch' href='//adserver-us.adtech.advertising.com' /> <link rel='dns-prefetch' href='//fastlane.rubiconproject.com' /> <link rel='dns-prefetch' href='//prebid-server.rubiconproject.com' /> <link rel='dns-prefetch' href='//hb-api.omnitagjs.com' /> <link rel='dns-prefetch' href='//mtrx.go.sonobi.com' /> <link rel='dns-prefetch' href='//apex.go.sonobi.com' /> <link rel='dns-prefetch' href='//u.openx.net' /> <link rel="alternate" type="application/rss+xml" title="Cryptography & Payments » Feed" href="https://arthurvandermerwe.com/feed/" /> <link rel="alternate" type="application/rss+xml" title="Cryptography & Payments » Comments Feed" href="https://arthurvandermerwe.com/comments/feed/" /> <link rel="alternate" type="application/rss+xml" title="Cryptography & Payments » Mutual Authentication using Certificates Comments Feed" href="https://arthurvandermerwe.com/2017/02/10/mutual-authentication-using-certificates/feed/" /> <script type="text/javascript"> /* <![CDATA[ */ function addLoadEvent(func) { var oldonload = window.onload; if (typeof window.onload != 'function') { window.onload = func; } else { window.onload = function () { oldonload(); func(); } } } /* ]]> */ </script> <script> window._wpemojiSettings = {"baseUrl":"https:\/\/s0.wp.com\/wp-content\/mu-plugins\/wpcom-smileys\/twemoji\/2\/72x72\/","ext":".png","svgUrl":"https:\/\/s0.wp.com\/wp-content\/mu-plugins\/wpcom-smileys\/twemoji\/2\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/s2.wp.com\/wp-includes\/js\/wp-emoji-release.min.js?m=1719498190i&ver=6.8-alpha-59438"}}; /*! 
This file is auto-generated */ !function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data));return t.every(function(e,t){return e===r[t]})}function u(e,t,n){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\uddfa\ud83c\uddf3","\ud83c\uddfa\u200b\ud83c\uddf3")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof 
URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),p.toString()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything||(n.readyCallback(),(e=n.source||{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings); </script> <link crossorigin='anonymous' rel='stylesheet' id='all-css-0-1' href='https://s1.wp.com/_static/??-eJx9zEEKhDAMQNELTScKha7Es9Q2FDVtiknx+sOIOIMLlx8eH/ZqAhfFojARJ1OppbkI7LxFHwUS8eTpHURe8Gdzu+SCWn1YzwZpBTLHRiiwIXnFaCqL3urpSPOKv+9RXz7moXe9s53tnF0+3f9FFg==&cssminify=yes' type='text/css' media='all' /> <style id='wp-emoji-styles-inline-css'> img.wp-smiley, img.emoji { display: inline !important; border: none !important; box-shadow: none !important; height: 1em !important; width: 1em !important; margin: 0 0.07em !important; vertical-align: -0.1em !important; background: none !important; padding: 0 !important; } </style> <link crossorigin='anonymous' rel='stylesheet' id='all-css-2-1' href='https://s0.wp.com/_static/??-eJydzMsOwiAQheEXEibEXtKF8VmATggVgcwMNby91U13LlyenHw/vKryJQtmgZpaiJkhtGM6pHA8hLCbRU96ANdiWsGl4h8qRUeWOrD0hNozX+Bn6KsYNpRqP9z20kQFiuu/CbISc+CT3583M1/NMg6zGbc3O1tP4A==&cssminify=yes' type='text/css' media='all' /> <style id='wp-block-library-inline-css'> .has-text-align-justify { text-align:justify; } 
.has-text-align-justify{text-align:justify;} </style> <link crossorigin='anonymous' rel='stylesheet' id='all-css-4-1' href='https://s2.wp.com/_static/??-eJzTLy/QzcxLzilNSS3WzyrWz01NyUxMzUnNTc0rQeEU5CRWphbp5qSmJyZX6uVm5uklFxfr6OPTDpRD5sM02efaGpoZmFkYGRuZGmQBAHPvL0Y=&cssminify=yes' type='text/css' media='all' /> <style id='jetpack-sharing-buttons-style-inline-css'> .jetpack-sharing-buttons__services-list{display:flex;flex-direction:row;flex-wrap:wrap;gap:0;list-style-type:none;margin:5px;padding:0}.jetpack-sharing-buttons__services-list.has-small-icon-size{font-size:12px}.jetpack-sharing-buttons__services-list.has-normal-icon-size{font-size:16px}.jetpack-sharing-buttons__services-list.has-large-icon-size{font-size:24px}.jetpack-sharing-buttons__services-list.has-huge-icon-size{font-size:36px}@media print{.jetpack-sharing-buttons__services-list{display:none!important}}.editor-styles-wrapper .wp-block-jetpack-sharing-buttons{gap:0;padding-inline-start:0}ul.jetpack-sharing-buttons__services-list.has-background{padding:1.25em 2.375em} </style> <style id='classic-theme-styles-inline-css'> /*! 
This file is auto-generated */ .wp-block-button__link{color:#fff;background-color:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none} </style> <link crossorigin='anonymous' rel='stylesheet' id='all-css-8-1' href='https://s1.wp.com/_static/??/wp-content/mu-plugins/core-compat/wp-mediaelement.css,/wp-content/mu-plugins/wpcom-bbpress-premium-themes.css?m=1432920480j&cssminify=yes' type='text/css' media='all' /> <style id='global-styles-inline-css'> :root{--wp--preset--aspect-ratio--square: 1;--wp--preset--aspect-ratio--4-3: 4/3;--wp--preset--aspect-ratio--3-4: 3/4;--wp--preset--aspect-ratio--3-2: 3/2;--wp--preset--aspect-ratio--2-3: 2/3;--wp--preset--aspect-ratio--16-9: 16/9;--wp--preset--aspect-ratio--9-16: 9/16;--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--color--primary: #000000;--wp--preset--color--secondary: #3C8067;--wp--preset--color--foreground: #333333;--wp--preset--color--tertiary: #FAFBF6;--wp--preset--color--background: #FFFFFF;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradient(135deg,rgba(252,185,0,1) 0%,rgba(255,105,0,1) 
100%);--wp--preset--gradient--luminous-vivid-orange-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--wp--preset--gradient--luminous-dusk: linear-gradient(135deg,rgb(255,203,112) 0%,rgb(199,81,192) 50%,rgb(65,88,208) 100%);--wp--preset--gradient--pale-ocean: linear-gradient(135deg,rgb(255,245,203) 0%,rgb(182,227,212) 50%,rgb(51,167,181) 100%);--wp--preset--gradient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--gradient--hard-diagonal: linear-gradient(to bottom right, #3C8067 49.9%, #FAFBF6 50%);--wp--preset--gradient--hard-diagonal-inverted: linear-gradient(to top left, #3C8067 49.9%, #FAFBF6 50%);--wp--preset--gradient--hard-horizontal: linear-gradient(to bottom, #3C8067 50%, #FAFBF6 50%);--wp--preset--gradient--hard-horizontal-inverted: linear-gradient(to top, #3C8067 50%, #FAFBF6 50%);--wp--preset--gradient--diagonal: linear-gradient(to bottom right, #3C8067, #FAFBF6);--wp--preset--gradient--diagonal-inverted: linear-gradient(to top left, #3C8067, #FAFBF6);--wp--preset--gradient--horizontal: linear-gradient(to bottom, #3C8067, #FAFBF6);--wp--preset--gradient--horizontal-inverted: linear-gradient(to top, #3C8067, #FAFBF6);--wp--preset--gradient--stripe: linear-gradient(to bottom, transparent 20%, #3C8067 20%, #3C8067 80%, transparent 
80%);--wp--preset--font-size--small: 16px;--wp--preset--font-size--medium: 20px;--wp--preset--font-size--large: 24px;--wp--preset--font-size--x-large: 42px;--wp--preset--font-size--tiny: 14px;--wp--preset--font-size--normal: 18px;--wp--preset--font-size--huge: 28px;--wp--preset--font-family--albert-sans: 'Albert Sans', sans-serif;--wp--preset--font-family--alegreya: Alegreya, serif;--wp--preset--font-family--arvo: Arvo, serif;--wp--preset--font-family--bodoni-moda: 'Bodoni Moda', serif;--wp--preset--font-family--bricolage-grotesque: 'Bricolage Grotesque', sans-serif;--wp--preset--font-family--cabin: Cabin, sans-serif;--wp--preset--font-family--chivo: Chivo, sans-serif;--wp--preset--font-family--commissioner: Commissioner, sans-serif;--wp--preset--font-family--cormorant: Cormorant, serif;--wp--preset--font-family--courier-prime: 'Courier Prime', monospace;--wp--preset--font-family--crimson-pro: 'Crimson Pro', serif;--wp--preset--font-family--dm-mono: 'DM Mono', monospace;--wp--preset--font-family--dm-sans: 'DM Sans', sans-serif;--wp--preset--font-family--dm-serif-display: 'DM Serif Display', serif;--wp--preset--font-family--domine: Domine, serif;--wp--preset--font-family--eb-garamond: 'EB Garamond', serif;--wp--preset--font-family--epilogue: Epilogue, sans-serif;--wp--preset--font-family--fahkwang: Fahkwang, sans-serif;--wp--preset--font-family--figtree: Figtree, sans-serif;--wp--preset--font-family--fira-sans: 'Fira Sans', sans-serif;--wp--preset--font-family--fjalla-one: 'Fjalla One', sans-serif;--wp--preset--font-family--fraunces: Fraunces, serif;--wp--preset--font-family--gabarito: Gabarito, system-ui;--wp--preset--font-family--ibm-plex-mono: 'IBM Plex Mono', monospace;--wp--preset--font-family--ibm-plex-sans: 'IBM Plex Sans', sans-serif;--wp--preset--font-family--ibarra-real-nova: 'Ibarra Real Nova', serif;--wp--preset--font-family--instrument-serif: 'Instrument Serif', serif;--wp--preset--font-family--inter: Inter, 
sans-serif;--wp--preset--font-family--josefin-sans: 'Josefin Sans', sans-serif;--wp--preset--font-family--jost: Jost, sans-serif;--wp--preset--font-family--libre-baskerville: 'Libre Baskerville', serif;--wp--preset--font-family--libre-franklin: 'Libre Franklin', sans-serif;--wp--preset--font-family--literata: Literata, serif;--wp--preset--font-family--lora: Lora, serif;--wp--preset--font-family--merriweather: Merriweather, serif;--wp--preset--font-family--montserrat: Montserrat, sans-serif;--wp--preset--font-family--newsreader: Newsreader, serif;--wp--preset--font-family--noto-sans-mono: 'Noto Sans Mono', sans-serif;--wp--preset--font-family--nunito: Nunito, sans-serif;--wp--preset--font-family--open-sans: 'Open Sans', sans-serif;--wp--preset--font-family--overpass: Overpass, sans-serif;--wp--preset--font-family--pt-serif: 'PT Serif', serif;--wp--preset--font-family--petrona: Petrona, serif;--wp--preset--font-family--piazzolla: Piazzolla, serif;--wp--preset--font-family--playfair-display: 'Playfair Display', serif;--wp--preset--font-family--plus-jakarta-sans: 'Plus Jakarta Sans', sans-serif;--wp--preset--font-family--poppins: Poppins, sans-serif;--wp--preset--font-family--raleway: Raleway, sans-serif;--wp--preset--font-family--roboto: Roboto, sans-serif;--wp--preset--font-family--roboto-slab: 'Roboto Slab', serif;--wp--preset--font-family--rubik: Rubik, sans-serif;--wp--preset--font-family--rufina: Rufina, serif;--wp--preset--font-family--sora: Sora, sans-serif;--wp--preset--font-family--source-sans-3: 'Source Sans 3', sans-serif;--wp--preset--font-family--source-serif-4: 'Source Serif 4', serif;--wp--preset--font-family--space-mono: 'Space Mono', monospace;--wp--preset--font-family--syne: Syne, sans-serif;--wp--preset--font-family--texturina: Texturina, serif;--wp--preset--font-family--urbanist: Urbanist, sans-serif;--wp--preset--font-family--work-sans: 'Work Sans', sans-serif;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 
0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--preset--shadow--natural: 6px 6px 9px rgba(0, 0, 0, 0.2);--wp--preset--shadow--deep: 12px 12px 50px rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flex{display: flex;}.is-layout-flex{flex-wrap: wrap;align-items: center;}.is-layout-flex > :is(*, div){margin: 0;}body .is-layout-grid{display: grid;}.is-layout-grid > :is(*, div){margin: 0;}:where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-color{color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-color{color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-color{color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-color{color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-color{color: 
var(--wp--preset--color--vivid-purple) !important;}.has-black-background-color{background-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-background-color{background-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-background-color{background-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-background-color{background-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-background-color{background-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-background-color{background-color: var(--wp--preset--color--vivid-purple) !important;}.has-black-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--white) !important;}.has-pale-pink-border-color{border-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-border-color{border-color: var(--wp--preset--color--luminous-vivid-amber) 
!important;}.has-light-green-cyan-border-color{border-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-border-color{border-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-border-color{border-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-border-color{border-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-border-color{border-color: var(--wp--preset--color--vivid-purple) !important;}.has-vivid-cyan-blue-to-vivid-purple-gradient-background{background: var(--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple) !important;}.has-light-green-cyan-to-vivid-green-cyan-gradient-background{background: var(--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan) !important;}.has-luminous-vivid-amber-to-luminous-vivid-orange-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange) !important;}.has-luminous-vivid-orange-to-vivid-red-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-orange-to-vivid-red) !important;}.has-very-light-gray-to-cyan-bluish-gray-gradient-background{background: var(--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray) !important;}.has-cool-to-warm-spectrum-gradient-background{background: var(--wp--preset--gradient--cool-to-warm-spectrum) !important;}.has-blush-light-purple-gradient-background{background: var(--wp--preset--gradient--blush-light-purple) !important;}.has-blush-bordeaux-gradient-background{background: var(--wp--preset--gradient--blush-bordeaux) !important;}.has-luminous-dusk-gradient-background{background: var(--wp--preset--gradient--luminous-dusk) !important;}.has-pale-ocean-gradient-background{background: var(--wp--preset--gradient--pale-ocean) !important;}.has-electric-grass-gradient-background{background: var(--wp--preset--gradient--electric-grass) !important;}.has-midnight-gradient-background{background: 
category-cryptography-2 entry"> <header class="entry-header default-max-width"> <h1 class="entry-title">Mutual Authentication using Certificates</h1> <div class="entry-meta"> </div><!-- .meta-info --> </header> <div class="entry-content"> <div class="cs-rating pd-rating" id="pd_rating_holder_7692610_post_216"></div><br/><p>Mutual SSL authentication or certificate based mutual authentication refers to two parties authenticating each other by verifying the digital certificate each one provides, so that both parties are assured of the other’s identity. In technology terms, it refers to a client (ATM) authenticating itself to a server (Switch) and that server also authenticating itself to the client through verifying the <a href="https://en.wikipedia.org/wiki/Digital_certificate">public key certificate/digital certificate</a> issued by the trusted <a href="https://en.wikipedia.org/wiki/Certificate_authority">Certificate Authorities (CAs)</a>.</p> <p>Because authentication relies on digital certificates, certification authorities and Certificate Server are an important part of the mutual authentication process. From a high-level point of view, the process of authenticating and establishing an encrypted channel using certificate-based mutual authentication involves the following steps in TLS:</p> <ol> <li>A client requests access to a protected resource.</li> <li>The server presents its certificate to the client.</li> <li>The client verifies the server’s certificate.</li> <li>If successful, the client sends its certificate to the server.</li> <li>The server verifies the client’s credentials.</li> <li>If successful, the server grants access to the protected resource requested by the client.</li> </ol> <p> </p> <h2><a name="_Toc473815937"></a>TLS Mutual Authentication Handshake</h2> <p> </p> <p>The TLS handshake first agrees on the protocol to be used by both parties, then exchanges certificates and validates the signature on each certificate. 
Below are more detailed steps explaining the handshake.</p> <ol> <li>The TLS client sends a “client hello” message that lists cryptographic information such as the SSL or TLS version and, in the client’s order of preference, the CipherSuites supported by the client. The message also contains a random byte string that is used in subsequent computations. The protocol allows for the “client hello” to include the data compression methods supported by the client.</li> <li>The TLS server responds with a “server hello” message that contains the CipherSuite chosen by the server from the list provided by the client, the session ID, and another random byte string. The server also sends its digital certificate. The server sends a “client certificate request” that includes a list of the types of certificates supported and the Distinguished Names of acceptable Certification Authorities (CAs).</li> <li>The TLS client verifies the server’s digital certificate: that it chains to a CA the client trusts, is within its validity period, has not been revoked, and names the server the client intended to reach.</li> <li>The TLS client sends the random byte string that enables both the client and the server to compute the secret key to be used for encrypting subsequent message data. The random byte string itself is encrypted with the server’s public key. (This describes RSA key transport; with ephemeral Diffie–Hellman cipher suites, and in TLS 1.3, the two sides exchange key shares instead and the server’s certificate key is used only for signing.)</li> <li>If the TLS server sent a “client certificate request”, the client sends a random byte string encrypted with the client’s private key (in effect a digital signature, which proves that the client holds the private key belonging to its certificate), together with the client’s digital certificate, or a “no digital certificate alert”. 
This alert is only a warning, but we will not be allowing transactions without a client certificate, so the server must be configured to require a client certificate, not merely request one, and to end the handshake when none is presented.</li> <li>The TLS server verifies the client’s certificate: that it chains to a CA the server trusts for client authentication, is within its validity period, has not been revoked, and identifies a client the server is prepared to accept.</li> <li>The TLS client sends the server a “finished” message, which is encrypted with the secret key, indicating that the client part of the handshake is complete.</li> <li>The TLS server sends the client a “finished” message, which is encrypted with the secret key, indicating that the server part of the handshake is complete.</li> <li>For the duration of the TLS session, the server and client can now exchange messages that are symmetrically encrypted with the shared secret key.</li> </ol> <p>In order to have a clear understanding of public key cryptography and digital signatures, the following section provides a high level overview of the encryption scheme using mutual authentication and certificate authorities.</p> <p> </p> <h2><a name="_Toc473815938"></a>Public-key certificate scheme Basics</h2> <p><em>In this section we use Alice and Bob as two parties that exchange messages; Oscar is a malicious user trying to decrypt and steal data.</em></p> <p>The underlying problem with normal RSA is that the server has no real proof of who it is communicating with. If a server is issuing public keys to all parties, how can it identify each individual user and ensure the public keys belong to valid users? Unauthenticated public keys are also susceptible to Man in the Middle Attacks (MIM), where Oscar can pretend to be Alice and the server has no way of knowing.</p> <p>Message authentication ensures that the sender of a message is authentic. However, in the scenario at hand Bob receives a public key which is supposedly Alice’s, but he has no way of knowing whether that is in fact the case. 
To make this point clear, let’s examine how a key of a user Alice would look in practice:</p> <p style="text-align:center;"><em>k<sub>A</sub></em> = (<em>k<sub>pub,A</sub></em>, <em>ID<sub>A</sub></em>)</p> <p>where <em>ID<sub>A</sub></em> is identifying information, e.g., Alice’s IP address or her name together with date of birth. The actual public key <em>k<sub>pub,A</sub></em>, however, is a mere binary string, e.g., 2048 bits long. If Oscar performs a MIM attack, he would change the key to:</p> <p style="text-align:center;"><em>k<sub>A</sub></em> = (<em>k<sub>pub,O</sub></em>, <em>ID<sub>A</sub></em>)</p> <p>Since everything is unchanged except the anonymous actual bit string, the receiver will not be able to detect that it is in fact Oscar’s. This observation has far-reaching consequences which can be summarized as: <strong>Even though public-key schemes do not require a secure channel, they require authenticated channels for the distribution of the public keys.</strong></p> <p>The idea behind certificates and authenticated channels is quite easy: Since the authenticity of the message (<em>k<sub>pub,A</sub></em>, <em>ID<sub>A</sub></em>) is violated by an active man-in-the-middle attack, we apply a cryptographic mechanism that provides authentication. More specifically, we use digital signatures. 
Thus, a certificate for a user Alice in its most basic form is the following structure, where <em>ID<sub>A</sub></em> is identifying information like a terminal ID or serial number:</p> <p style="text-align:center;">Cert<sub><em>A</em></sub> = [(<em>k<sub>pub,A</sub></em>, <em>ID<sub>A</sub></em>), sig<sub><em>k</em><sub>pr</sub></sub>(<em>k<sub>pub,A</sub></em>, <em>ID<sub>A</sub></em>)]</p> <p>The idea is that the receiver of a certificate verifies the signature prior to using the certificate, and both the client and the server validate the signature before using the public key. The signature protects the signed message—the structure (<em>k<sub>pub,A</sub></em>, <em>ID<sub>A</sub></em>) in this case—against manipulation. If Oscar attempts to replace <em>k<sub>pub,A</sub></em> by <em>k<sub>pub,O</sub></em>, it will be detected. Thus, it is said that certificates bind the identity of a user to their public key.</p> <p> </p> <p>Certificates require that the receiver has the correct verification key, which is a public key. If we were to use Alice’s public key for this, we would have the same problem that we are actually trying to solve, and Oscar could impersonate Alice. Instead, the signatures for certificates are provided by a mutually trusted third party. This party is called the Certification Authority, commonly abbreviated as CA. It is the task of the CA to generate and issue certificates for all users in the system.</p> <p>For certificate generation, we can distinguish between two main cases. 
In the first case, the user computes her own asymmetric key pair and merely requests the CA to sign the public key, as shown in the following simple protocol for a user named Alice:</p> <p> </p> <p> </p> <p>Table 1 Certificate Generation with User-Provided Keys</p> <table> <tbody> <tr> <td width="245">Description</td> <td width="123"><strong>Alice</strong></td> <td width="123"><strong>Request / Response</strong></td> <td width="156"><strong>CA</strong></td> </tr> <tr> <td width="245">Alice generates a public–private key pair</td> <td width="123">generate <em>k<sub>pr,A</sub></em>, <em>k<sub>pub,A</sub></em></td> <td width="123"> </td> <td width="156"> </td> </tr> <tr> <td width="245">Alice sends her public key and identity to the CA</td> <td width="123"> </td> <td width="123">RQST(<em>k<sub>pub,A</sub></em>, <em>ID<sub>A</sub></em>) →</td> <td width="156"> </td> </tr> <tr> <td width="245">CA verifies Alice’s identity</td> <td width="123"> </td> <td width="123"> </td> <td width="156">verify <em>ID<sub>A</sub></em></td> </tr> <tr> <td width="245">CA signs Alice’s public key with its private key</td> <td width="123"> </td> <td width="123"> </td> <td width="156"><em>s<sub>A</sub></em> = sig<sub><em>k</em><sub>pr,CA</sub></sub>(<em>k<sub>pub,A</sub></em>, <em>ID<sub>A</sub></em>)</td> </tr> <tr> <td width="245">CA creates a certificate (Alice’s public key and identity) with its signature</td> <td width="123"> </td> <td width="123"> </td> <td width="156">Cert<sub><em>A</em></sub> = [(<em>k<sub>pub,A</sub></em>, <em>ID<sub>A</sub></em>), <em>s<sub>A</sub></em>]</td> </tr> <tr> <td width="245">Certificate is distributed to Alice for usage</td> <td width="123"> </td> <td width="123">← Cert<sub><em>A</em></sub></td> <td width="156"> </td> </tr> <tr> <td width="245"> </td> <td width="123"> </td> <td width="123"> </td> <td width="156"> </td> </tr> </tbody> </table> <p>From a security point of view, the 
first transaction is crucial. It must be assured that Alice’s message (<em>k<sub>pub,A</sub></em>, <em>ID<sub>A</sub></em>) is sent via an authenticated channel. Otherwise, Oscar could request a certificate in Alice’s name.</p> <p>In practice it is often advantageous that the CA not only signs the public keys but also generates the public–private key pairs for each user. In this case, a basic protocol looks like this:</p> <p>Table 2 Certificate Generation with CA-Generated Keys</p> <table> <tbody> <tr> <td width="245">Description</td> <td width="123"><strong>Alice</strong></td> <td width="123"><strong>Request / Response</strong></td> <td width="156"><strong>CA</strong></td> </tr> <tr> <td width="245">Alice requests a certificate</td> <td width="123">request certificate</td> <td width="123"> </td> <td width="156"> </td> </tr> <tr> <td width="245">Alice sends the request to the CA</td> <td width="123"> </td> <td width="123">RQST(<em>ID<sub>A</sub></em>) →</td> <td width="156"> </td> </tr> <tr> <td width="245">CA verifies Alice’s identity</td> <td width="123"> </td> <td width="123"> </td> <td width="156">verify <em>ID<sub>A</sub></em></td> </tr> <tr> <td width="245">CA generates a new key pair for Alice</td> <td width="123"> </td> <td width="123"> </td> <td width="156">generate <em>k<sub>pr,A</sub></em>, <em>k<sub>pub,A</sub></em></td> </tr> <tr> <td width="245">CA signs Alice’s public key with its private key</td> <td width="123"> </td> <td width="123"> </td> <td width="156"><em>s<sub>A</sub></em> = sig<sub><em>k</em><sub>pr,CA</sub></sub>(<em>k<sub>pub,A</sub></em>, <em>ID<sub>A</sub></em>)</td> </tr> <tr> <td width="245">CA creates a certificate (Alice’s public key and identity) with its signature</td> <td width="123"> </td> <td width="123"> </td> <td width="156">Cert<sub><em>A</em></sub> = [(<em>k<sub>pub,A</sub></em>, <em>ID<sub>A</sub></em>), <em>s<sub>A</sub></em>]</td> </tr> <tr> <td width="245">Certificate is distributed to Alice for usage</td> <td width="123"> </td> <td width="123">← Cert<sub><em>A</em></sub></td> <td width="156"> </td> </tr> <tr> <td width="245"> </td> <td width="123"> </td> <td width="123"> </td> <td width="156"> </td> </tr> </tbody> </table> <p>For the first transmission, an authenticated channel is needed. In other words: The CA must be assured that it is really Alice who is requesting a certificate, and not Oscar who is requesting a certificate in Alice’s name. Even more sensitive is the second transmission consisting of (Cert<sub><em>A</em></sub>, <em>k<sub>pr,A</sub></em>). Because the private key is being sent here, not only an authenticated but a secure channel is required. In practice, this could be a certificate delivered by mail or USB stick. Note that in this second case the CA has held Alice’s private key, so it must be trusted not to retain or disclose it; when the user generates the keys herself, as in Table 1, the private key never leaves her.</p> <p>Table 3 Diffie–Hellman Key Exchange with Certificates</p> <table> <tbody> <tr> <td width="245">Description</td> <td width="123"><strong>Alice</strong></td> <td width="123"><strong>Request / Response</strong></td> <td width="156"><strong>Bob</strong></td> </tr> <tr> <td width="245">Both Alice and Bob have private keys issued by a trusted CA</td> <td width="123"><em>a</em> = <em>k<sub>pr,A</sub></em></td> <td width="123"> </td> <td width="156"><em>b</em> = <em>k<sub>pr,B</sub></em></td> </tr> <tr> <td width="245"> </td> <td width="123"><em>A</em> = <em>k<sub>pub,A</sub></em> ≡ <em>α<sup>a</sup></em> mod <em>p</em></td> <td width="123"> </td> <td width="156"><em>B</em> = <em>k<sub>pub,B</sub></em> ≡ <em>α<sup>b</sup></em> mod <em>p</em></td> </tr>
<tr> <td width="245">Both Alice and Bob hold a certificate in which the CA has signed their public key together with their identity</td> <td width="123">Cert<sub><em>A</em></sub> = [(<em>A</em>, <em>ID<sub>A</sub></em>), <em>s<sub>A</sub></em>]</td> <td width="123"> </td> <td width="156">Cert<sub><em>B</em></sub> = [(<em>B</em>, <em>ID<sub>B</sub></em>), <em>s<sub>B</sub></em>]</td> </tr> <tr> <td rowspan="2" width="245">Certificates are exchanged</td> <td width="123"> </td> <td width="123">Cert<sub><em>A</em></sub> →</td> <td width="156"> </td> </tr> <tr> <td width="123"> </td> <td width="123">← Cert<sub><em>B</em></sub></td> <td width="156"> </td> </tr> <tr> <td width="245"> </td> <td width="123">verify certificate:</td> <td width="123"> </td> <td width="156">verify certificate:</td> </tr> <tr> <td width="245">Both Alice and Bob use the public key of the CA to verify the signature of the certificate</td> <td width="123">ver<sub><em>k</em><sub>pub,CA</sub></sub>(Cert<sub><em>B</em></sub>)</td> <td width="123"> </td> <td width="156">ver<sub><em>k</em><sub>pub,CA</sub></sub>(Cert<sub><em>A</em></sub>)</td> </tr> <tr> <td width="245"> </td> <td width="123">compute session key:</td> <td width="123"> </td> <td width="156">compute session key:</td> </tr> <tr> <td width="245">Session key can now be computed.</td> <td width="123"><em>k<sub>AB</sub></em> ≡ <em>B<sup>a</sup></em> mod <em>p</em></td> <td width="123"> </td> <td width="156"><em>k<sub>AB</sub></em> ≡ <em>A<sup>b</sup></em> mod <em>p</em></td> </tr> </tbody> </table> <p> </p>
<p>One very crucial point here is the verification of the certificates. Obviously, without verification, the signatures within the certificates would be of no use. As can be seen in the protocol, verification requires the public key of the CA. This key must be transmitted via an authenticated channel; otherwise Oscar could substitute a key of his own and sign certificates that Alice and Bob would accept. What’s happening here from a more abstract point of view is extremely interesting, namely a transfer of trust. With the introduction of certificates, Alice and Bob only have to trust the CA’s public key <em>k<sub>pub,CA</sub></em>. If the CA signs other public keys, Alice and Bob know that they can also trust those. 
This is called a chain of trust.</p> <p> </p> <h2><a name="_Toc473815939"></a>Certificate Structure</h2> <p>Discussing the fields defined in an X.509 certificate gives us some insight into many aspects of PKIs. We discuss the most relevant ones in the following:</p> <ul> <li><strong><em>Certificate Algorithm:</em></strong> Here it is specified which signature algorithm is being used, e.g., RSA with SHA-1 or ECDSA with SHA-2, and with which parameters, e.g., the bit lengths. (SHA-1 is listed as a historical example only; it is no longer considered collision-resistant, so certificates signed with it should not be accepted.)</li> <li><strong>Issuer:</strong> There are many companies and organizations that issue certificates. This field specifies who generated the one at hand.</li> <li><strong>Period of Validity:</strong> In most cases, a public key is not certified indefinitely but rather for a limited time, e.g., for one or two years. One reason for doing this is that private keys which belong to the certificate may become compromised. By limiting the validity period, there is only a certain time span during which an attacker can maliciously use the private key. Another reason for a restricted lifetime is that, especially for certificates for companies, it can happen that the user ceases to exist. If the certificates, and thus the public keys, are only valid for a limited time, the damage can be controlled.</li> <li><strong>Subject:</strong> This field contains what was called \(ID_A\) or \(ID_B\) in our earlier examples. It contains identifying information such as names of people or organizations. Note that not only actual people but also entities like companies can obtain certificates.</li> <li><strong>Subject’s Public Key:</strong> The public key that is to be protected by the certificate is here. 
In addition to the binary string which is the public key, the algorithm (e.g., Diffie–Hellman) and the algorithm parameters, e.g., the modulus \(p\) and the primitive element \(\alpha\), are stored.</li> <li><strong>Signature:</strong> The signature over all other fields of the certificate.</li> </ul> <p> </p> <p>We note that for every certificate two public key algorithms are involved: the one whose public key is protected by the certificate and the algorithm with which the certificate is signed. These can be entirely different algorithms and parameter sets. For instance, the certificate might be signed with an RSA 2048-bit algorithm, while the public key within the certificate could belong to a 160-bit elliptic curve scheme.</p> <h2><a name="_Toc473815940"></a>Certificate Revocation</h2> <p>One major issue in practice is that it must be possible to revoke certificates. A common reason is that a certificate is stored on a smart card which is lost. Another reason could be that a person left an organization and one wants to make sure that she is no longer using the public key that was given to her. The solution in these situations seems easy: Just publish a list with all certificates that are currently invalid. Such a list is called a certificate revocation list, or CRL. Typically, the serial numbers of certificates are used to identify the revoked certificates. Of course, a CRL must be signed by the CA, since otherwise the list itself could be forged or altered in transit.</p> <p> </p> <p>The problem with CRLs is how to transmit them to the users. The most straightforward way is that every user contacts the issuing CA every time a certificate of another user is received. The major drawback is that now the CA is involved in every session set-up. This was also one major drawback of KDC-based, i.e., symmetric key, approaches. The promise of certificate-based communication was that no online contact to a central authority was needed.</p> <p>An alternative is that CRLs are sent out periodically. 
The problem with this approach is that there is always a period during which a certificate has already been revoked but users have not yet been informed. For instance, if the CRL is sent out at 3:00 am every morning (a time with relatively little network traffic otherwise), a dishonest person could have almost a whole day where a revoked certificate is still accepted as valid. To counter this, the CRL update period can be shortened, say to one hour.</p> <p>However, this would be a tremendous burden on the bandwidth of the network. This is an instructive example of the trade-off between costs in the form of network traffic on the one hand, and security on the other hand. In practice, a reasonable compromise must be found. In order to keep the size of CRLs moderate, often only the changes since the last CRL broadcast are sent out. These update-only CRLs are referred to as <strong><em>delta CRLs</em></strong>.</p>
Simply click the button below to stay in the loop!","Enter your email address":"Enter your email address","Subscribe":"Subscribe","Comment sent successfully":"Comment sent successfully","Save my name, email, and website in this browser for the next time I comment.":"Save my name, email, and website in this browser for the next time I comment.","siteId":70204527,"postId":216,"mustLogIn":false,"requireNameEmail":false,"commentRegistration":false,"connectURL":"https:\/\/arthurvandermerwe.wordpress.com\/public.api\/connect\/?action=request&domain=arthurvandermerwe.com","logoutURL":"https:\/\/arthurvandermerwe.wordpress.com\/wp-login.php?action=logout&_wpnonce=14cbe1fa04","homeURL":"https:\/\/arthurvandermerwe.com\/","subscribeToBlog":true,"subscribeToComment":true,"isJetpackCommentsLoggedIn":false,"jetpackUsername":"","jetpackUserId":0,"jetpackSignature":"","jetpackAvatar":"https:\/\/0.gravatar.com\/avatar\/ad516503a11cd5ca435acc9bb6523536?s=96","enableBlocks":true,"enableSubscriptionModal":true,"currentLocale":"en","isJetpackComments":false,"allowedBlocks":["core\/paragraph","core\/list","core\/code","core\/list-item","core\/quote","core\/image","core\/embed","core\/quote","core\/code"],"embedNonce":"7f2b0b09c3","verbumBundleUrl":"https:\/\/s2.wp.com\/wp-content\/mu-plugins\/jetpack-mu-wpcom-plugin\/sun\/vendor\/automattic\/jetpack-mu-wpcom\/src\/features\/verbum-comments\/dist\/index.js","isRTL":false,"vbeCacheBuster":1721244820,"iframeUniqueId":0} </script> <script crossorigin='anonymous' type='text/javascript' src='https://s1.wp.com/_static/??-eJx9j+FOwzAMhF+INJs6hPiBeBTkJl7n1k5CnKzq25PCNiGY9svS+buzzy7JuBgKhmIntRIHYjRVMcPYNEPhGLtJn+wvbuA4msR1pKB2idmDV+MYVFG3kAUK//VIvTmY5sZ9Vqx4guAZ8xWm4Lj6nxBPWuwZg495W6XI65GYO6HwIHvCksDNpklLclEuC6s1XMOglihQCrl/tNXs7FCJfYPzUKWdEGkn1G7l2vBrACFnOIK///fFYTImXu99W04oDU11sIrY6pdreHOnTAJ5NQHONEKh+KgszKSCxfTdzn60H27CMX/Dvnnf5W3/0u8P/a5/fp2+APZguQA='></script> <script id="crowdsignal-rating-js-before"> <!--//--><![CDATA[//><!-- 
PDRTJS_settings_7692610_post_216={"id":7692610,"unique_id":"wp-post-216","title":"Mutual%20Authentication%20using%26nbsp%3BCertificates","permalink":"https:\/\/arthurvandermerwe.com\/2017\/02\/10\/mutual-authentication-using-certificates\/","item_id":"_post_216"}; if ( typeof PDRTJS_RATING !== 'undefined' ){if ( typeof PDRTJS_7692610_post_216 == 'undefined' ){PDRTJS_7692610_post_216 = new PDRTJS_RATING( PDRTJS_settings_7692610_post_216 );}} //--><!]]> </script> <script src="https://polldaddy.com/js/rating/rating.js?ver=14.1-a.4" id="crowdsignal-rating-js"></script> <script id="sharing-js-js-extra"> var sharing_js_options = {"lang":"en","counts":"1","is_stats_active":"1"}; </script> <script crossorigin='anonymous' type='text/javascript' src='https://s2.wp.com/wp-content/mu-plugins/jetpack-plugin/sun/_inc/build/sharedaddy/sharing.min.js?m=1685112397i'></script> <script id="sharing-js-js-after"> var windowOpen; ( function () { function matches( el, sel ) { return !! ( el.matches && el.matches( sel ) || el.msMatchesSelector && el.msMatchesSelector( sel ) ); } document.body.addEventListener( 'click', function ( event ) { if ( ! event.target ) { return; } var el; if ( matches( event.target, 'a.share-twitter' ) ) { el = event.target; } else if ( event.target.parentNode && matches( event.target.parentNode, 'a.share-twitter' ) ) { el = event.target.parentNode; } if ( el ) { event.preventDefault(); // If there's another sharing window open, close it. if ( typeof windowOpen !== 'undefined' ) { windowOpen.close(); } windowOpen = window.open( el.getAttribute( 'href' ), 'wpcomtwitter', 'menubar=1,resizable=1,width=600,height=350' ); return false; } } ); } )(); var windowOpen; ( function () { function matches( el, sel ) { return !! ( el.matches && el.matches( sel ) || el.msMatchesSelector && el.msMatchesSelector( sel ) ); } document.body.addEventListener( 'click', function ( event ) { if ( ! 
event.target ) { return; } var el; if ( matches( event.target, 'a.share-facebook' ) ) { el = event.target; } else if ( event.target.parentNode && matches( event.target.parentNode, 'a.share-facebook' ) ) { el = event.target.parentNode; } if ( el ) { event.preventDefault(); // If there's another sharing window open, close it. if ( typeof windowOpen !== 'undefined' ) { windowOpen.close(); } windowOpen = window.open( el.getAttribute( 'href' ), 'wpcomfacebook', 'menubar=1,resizable=1,width=600,height=400' ); return false; } } ); } )(); </script> <script> /(trident|msie)/i.test(navigator.userAgent)&&document.getElementById&&window.addEventListener&&window.addEventListener("hashchange",function(){var t,e=location.hash.substring(1);/^[A-z0-9_-]+$/.test(e)&&(t=document.getElementById(e))&&(/^(?:a|select|input|button|textarea)$/i.test(t.tagName)||(t.tabIndex=-1),t.focus())},!1); </script> <script type="text/javascript"> (function () { var wpcom_reblog = { source: 'toolbar', toggle_reblog_box_flair: function (obj_id, post_id) { // Go to site selector. This will redirect to their blog if they only have one. const postEndpoint = `https://wordpress.com/post`; // Ideally we would use the permalink here, but fortunately this will be replaced with the // post permalink in the editor. const originalURL = `${ document.location.href }?page_id=${ post_id }`; const url = postEndpoint + '?url=' + encodeURIComponent( originalURL ) + '&is_post_share=true' + '&v=5'; const redirect = function () { if ( ! 
window.open( url, '_blank' ) ) { location.href = url; } }; if ( /Firefox/.test( navigator.userAgent ) ) { setTimeout( redirect, 0 ); } else { redirect(); } }, }; window.wpcom_reblog = wpcom_reblog; })(); </script> <script type="text/javascript"> // <![CDATA[ (function() { try{ if ( window.external &&'msIsSiteMode' in window.external) { if (window.external.msIsSiteMode()) { var jl = document.createElement('script'); jl.type='text/javascript'; jl.async=true; jl.src='/wp-content/plugins/ie-sitemode/custom-jumplist.php'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(jl, s); } } }catch(e){} })(); // ]]> </script> <iframe src='https://widgets.wp.com/likes/master.html?ver=20241123#ver=20241123&origin=https://arthurvandermerwe.com' scrolling='no' id='likes-master' name='likes-master' style='display:none;'></iframe> <div id='likes-other-gravatars' class='wpl-new-layout' role="dialog" aria-hidden="true" tabindex="-1"> <div class="likes-text"> <span>%d</span> </div> <ul class="wpl-avatars sd-like-gravatars"></ul> </div> <script src="//stats.wp.com/w.js?67" defer></script> <script type="text/javascript"> _tkq = window._tkq || []; _stq = window._stq || []; _tkq.push(['storeContext', {'blog_id':'70204527','blog_tz':'11','user_lang':'en','blog_lang':'en','user_id':'0'}]); _stq.push(['view', {'blog':'70204527','v':'wpcom','tz':'11','user_id':'0','post':'216','subd':'arthurvandermerwe'}]); _stq.push(['extra', {'crypt':'UE5VTUIlVktzQVNtcFdrRlVoJUNsa2NPNURmfG5zSmhZMEN8bjdYNV0taWs9cHxmT11SeS9OUk8zMWxReFZOJT1aTDhDdFZuP1dURDJjU3dIWFV0R2ZvXUJvYjBQLVNaTWp2NWc9Mzcvc2ZNT2hhNnpqempdZklmTFNTZkZIUHo3PU4laTczJUFtYmJ3aDZiQjd2d1NXUWp4a2tlZ1glX1JVY1UyWEd5MjVndCVKTS1rUHljWE1hJmZ8azlHRGFkVFI4d2l3eElfay1WVjBReGNxcW0/dz0vVjJ+QnhuXStTLTZLLCtBWXdYJjc2MVdfXWhsLExqRysyWCwwYUxMMjRiSkRwcjE='}]); _stq.push([ 'clickTrackerInit', '70204527', '216' ]); </script> <noscript><img src="https://pixel.wp.com/b.gif?v=noscript" 
style="height:1px;width:1px;overflow:hidden;position:absolute;bottom:1px;" alt="" /></noscript> <script defer id="bilmur" data-customproperties="{"logged_in":"0","wptheme":"pub\/seedlet","wptheme_is_block":"0"}" data-provider="wordpress.com" data-service="simple" src="/wp-content/js/bilmur.min.js?i=12&m=202447"></script><script defer id="bilmur" data-customproperties="{"logged_in":"0","wptheme":"pub\/seedlet","wptheme_is_block":"0"}" data-provider="wordpress.com" data-service="simple" src="/wp-content/js/bilmur-4.min.js?i=12&m=202447"></script><script> ( function() { function getMobileUserAgentInfo() { if ( typeof wpcom_mobile_user_agent_info === 'object' ) { wpcom_mobile_user_agent_info.init(); var mobileStatsQueryString = ''; if ( wpcom_mobile_user_agent_info.matchedPlatformName !== false ) { mobileStatsQueryString += '&x_' + 'mobile_platforms' + '=' + wpcom_mobile_user_agent_info.matchedPlatformName; } if ( wpcom_mobile_user_agent_info.matchedUserAgentName !== false ) { mobileStatsQueryString += '&x_' + 'mobile_devices' + '=' + wpcom_mobile_user_agent_info.matchedUserAgentName; } if ( wpcom_mobile_user_agent_info.isIPad() ) { mobileStatsQueryString += '&x_' + 'ipad_views' + '=' + 'views'; } if ( mobileStatsQueryString != '' ) { new Image().src = document.location.protocol + '//pixel.wp.com/g.gif?v=wpcom-no-pv' + mobileStatsQueryString + '&baba=' + Math.random(); } } } document.addEventListener( 'DOMContentLoaded', getMobileUserAgentInfo ); } )(); </script> <script type='disabled' id='wp-enqueue-dynamic-script:wp-i18n:after:1'> wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ 'ltr' ] } ); </script> <script> (function() { 'use strict'; const fetches = {}; const promises = {}; const urls = { 'wp-hooks': 'https://s0.wp.com/wp-content/plugins/gutenberg-core/v19.6.4/build/hooks/index.min.js?m=1731954715i&ver=84e753e2b66eb7028d38', 'wp-i18n': 
'https://s0.wp.com/wp-content/plugins/gutenberg-core/v19.6.4/build/i18n/index.min.js?m=1731954715i&ver=bd5a2533e717a1043151', 'verbum': 'https://s2.wp.com/wp-content/mu-plugins/jetpack-mu-wpcom-plugin/sun/vendor/automattic/jetpack-mu-wpcom/src/build/verbum-comments/verbum-comments.js?m=1731953849i&minify=false&ver=97043884103359931e09' }; const loaders = { 'verbum': () => { fetchExternalScript('wp-hooks'); fetchExternalScript('wp-i18n'); fetchExternalScript('verbum'); promises['wp-hooks'] = promises['wp-hooks'] || loadWPScript('wp-hooks'); promises['wp-i18n'] = promises['wp-i18n'] || promises['wp-hooks'].then( () => loadWPScript('wp-i18n') ); promises['verbum'] = promises['verbum'] || promises['wp-i18n'].then( () => loadWPScript('verbum') ); return promises['verbum']; }, }; const scriptExtras = { 'wp-i18n': { translations: 0, before: 0, after: 1 }, }; window.WP_Enqueue_Dynamic_Script = { loadScript: (handle) => { if (!loaders[handle]) { console.error('WP_Enqueue_Dynamic_Script: unregistered script `' + handle + '`.'); } return loaders[handle](); } }; function fetchExternalScript(handle) { if (!urls[handle]) { return Promise.resolve(); } fetches[handle] = fetches[handle] || fetch(urls[handle], { mode: 'no-cors' }); return fetches[handle]; } function runExtraScript(handle, type, index) { const id = 'wp-enqueue-dynamic-script:' + handle + ':' + type + ':' + (index + 1); const template = document.getElementById(id); if (!template) { return Promise.reject(); } const script = document.createElement( 'script' ); script.innerHTML = template.innerHTML; document.body.appendChild( script ); return Promise.resolve(); } function loadExternalScript(handle) { if (!urls[handle]) { return Promise.resolve(); } return fetches[handle].then(() => { return new Promise((resolve, reject) => { const script = document.createElement('script'); script.onload = () => resolve(); script.onerror = (e) => reject(e); script.src = urls[handle]; document.body.appendChild(script); }); }); } function 
loadExtra(handle, pos) { const count = (scriptExtras[handle] && scriptExtras[handle][pos]) || 0; let promise = Promise.resolve(); for (let i = 0; i < count; i++) { promise = promise.then(() => runExtraScript(handle, pos, i)); } return promise; } function loadWPScript(handle) { // Core loads scripts in this order. See: https://github.com/WordPress/WordPress/blob/a59eb9d39c4fcba834b70c9e8dfd64feeec10ba6/wp-includes/class-wp-scripts.php#L428. return loadExtra(handle, 'translations') .then(() => loadExtra(handle, 'before')) .then(() => loadExternalScript(handle)) .then(() => loadExtra(handle, 'after')); } } )(); </script> </body> </html>