SSL Certificate-Based Authentication
The client uses the private key that corresponds to the public key published in the certificate issued for that client to digitally sign data that has been randomly generated for this purpose, then sends both the certificate and the signed data across the network. The server validates the signature and checks that the certificate presented by the client is stored in the user’s entry in an LDAP directory.
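The exchange described above, as an added Go example that is not part of the original page: the client signs the server's random data, and the server verifies the signature and then compares the presented certificate with the one stored for the user. Assumptions: an in-memory map stands in for the LDAP directory, the certificate is a constructed self-signed one rather than CA-issued, and the names `enroll`, `sign` and `authenticate` are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

var directory = map[string][]byte{} // assumption: stands in for LDAP, user -> DER certificate

// enroll creates a constructed self-signed certificate (a real one is CA-issued) and stores it.
func enroll(user string) (ed25519.PrivateKey, []byte) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: user},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	directory[user] = der
	return priv, der
}

// sign is the client side: sign the server's random data with the private key.
func sign(priv ed25519.PrivateKey, challenge []byte) []byte { return ed25519.Sign(priv, challenge) }

// authenticate is the server side: verify the signature, then match the certificate to the entry.
func authenticate(user string, certDER, challenge, sig []byte) error {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return err
	}
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	if !ok || !ed25519.Verify(pub, challenge, sig) {
		return fmt.Errorf("signature does not verify under the presented certificate")
	}
	if stored, found := directory[user]; !found || !bytes.Equal(stored, certDER) {
		return fmt.Errorf("certificate is not in the entry for %q", user)
	}
	return nil
}

func main() {
	priv, der := enroll("alice")
	challenge := make([]byte, 32)
	rand.Read(challenge)
	fmt.Println("alice:", authenticate("alice", der, challenge, sign(priv, challenge)))
}
```

A valid signature alone is not enough: a certificate that verifies correctly but is not the one stored in the named user's entry is rejected by the second check.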
SSL provides the secure interchange of sensitive data, but once received, the data is all too frequently left unprotected on the server.
Message Digital Signature
Ensuring the long-term authenticity of business messages (who sent them?), their data integrity (have they been modified in transit?), and support for non-repudiation (can the sender deny sending them?) is as important as protecting their confidentiality; this is functionality that SSL alone does not provide. The globally recognized method for satisfying these requirements for secure business transactions is to use digital certificates to enable the encryption and digital signing of the exchanged data.