Certificates

​As we learned earlier, certificates are public keys that are signed by ​a certificate authority or CA as a sign of trust. ​We covered TLS server certificates but there can also be client certificates. ​These operate very similarly to server certificates but ​are presented by clients and allow servers to authenticate and verify clients

In order to issue client certificates, an organization must setup and ​maintain CA infrastructure to issue and sign certificates.

Certificate authentication is like presenting identification at the airport, ​you show your ID or your certificate to prove who you are. ​The ID is checked to see if it was issued by an authority that is trusted ​by the verifier.

Certificate Revocation List (CRL): A means to distribute a list of certificates that are no longer valid