Hi,
This is the question from j2eecertificate
Question : Which of the following statement regarding the authentication method CLIENT-CERT are true ? ( Check all answers)
1. Supported by all application servers as it is mandeted by the
servlet specification.
2. Authentication is performed when the SSL connection is establised.
3. All the commonly browsers support it.
4. All the data between the client and server is encrypted.
5. Requires a digital certificate which has been issued from a recognised certification authority.
The answers given are 2,3,4,5. Look correct. But I have little dout.
Is the SSL connection is mandeted by spec to use CLIENT-CERT authentication, though most of the application servers implemented it. Some application server generates their own 128 bit SSL certificates in
testing environment, so the purchasing of digital certificate is not required if you are not using it for productin environment.
so I think option 2 and 5 are ambiguous. Can anyone provide explaination please.
Thanks