I am new to OpenSSL and I have tried hard to understand
the SSL protocol and APIs.
I have one question that bothers me.
When using openssl as an SSL client, there is an option
to load a client private key file.
I don't understand why an SSL client needs a private key.
I thought, according to SSL, the server uses
asymmetric cryptography (public key) to do the key
exchange in the handshake process; once the handshake
process is done, both server and client use symmetric
cryptography for application data communications.
So why may the client need a private key? What is that key

> Hi, everyone,
> I am new to OpenSSL and I have tried hard to understand
> the SSL protocol and APIs.
> I have one question that bothers me.
> When using openssl as an SSL client, there is an option
> to load a client private key file.
> I don't understand why an SSL client needs a private key.

This is for client authentication. When a server requests client
authentication and the client agrees to it, the client sends a certificate and
signs a challenge using the corresponding private key.
If client authentication does not occur the private key is not needed.
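
The possession proof described in the reply above, as an added example that is not part of the original thread. It uses the openssl command line with constructed file names and subjects, and it simplifies one point: a real handshake signs the handshake transcript, not a bare random challenge.

```shell
#!/bin/sh
# Added illustration of why a TLS client needs its private key for client
# authentication. The certificate is public; only a signature made with the
# matching private key proves the sender owns it.
# Assumption: the `openssl` CLI is installed. All names are constructed.

# make_identity PREFIX CN: write PREFIX.key and a self-signed PREFIX.crt
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" >/dev/null 2>&1
}

# prove_possession KEY CERT: print "accepted" or "rejected"
#   KEY  = private key the client signs with
#   CERT = certificate the client presents to the server
prove_possession() {
    dir=$(mktemp -d) || return 2
    # Server: issue a fresh random challenge.
    openssl rand -out "$dir/challenge" 32
    # Client: sign the challenge with its private key.
    openssl dgst -sha256 -sign "$1" -out "$dir/sig" "$dir/challenge"
    # Server: take the public key from the presented certificate and verify.
    openssl x509 -in "$2" -pubkey -noout > "$dir/pub.pem"
    if openssl dgst -sha256 -verify "$dir/pub.pem" \
        -signature "$dir/sig" "$dir/challenge" >/dev/null 2>&1; then
        result=accepted
    else
        result=rejected
    fi
    rm -rf "$dir"
    echo "$result"
}

# Demo run: the right key is accepted; a different key with the same
# certificate is rejected.
work=$(mktemp -d)
make_identity "$work/client" "demo-client"
make_identity "$work/other" "someone-else"
echo "matching key: $(prove_possession "$work/client.key" "$work/client.crt")"
echo "wrong key:    $(prove_possession "$work/other.key" "$work/client.crt")"
rm -rf "$work"
```

A server that also validates the certificate chain would perform that check in addition to this signature check.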