When a client connects to a TLS server, it authenticates the server: it makes sure that the server holds the private key associated with the public key in the certificate, and that the certificate is trusted. If this succeeds, the host name in the certificate can be trusted, and if that name matches the requested name, the connection can be set up and trusted to be secure.

At this point the server can reverse the procedure and request a client certificate from the client, in order to verify the client's identity.

This server requires your client to present a client certificate. You don’t have it, but see how your client reacts to this request. If it doesn’t support client certificates – does it fail gracefully?

Should fail
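To see what "fail gracefully" looks like from both ends, the following added example (not part of the original test page) runs an in-memory handshake between a server that requires a client certificate and a client that has none. The host name `mtls.example.test`, the throwaway certificate and the function names are assumptions made for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned builds a throwaway server certificate (constructed test data; errors ignored for brevity).
func selfSigned() (tls.Certificate, *x509.CertPool) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "mtls.example.test"},
		DNSNames: []string{"mtls.example.test"}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool
}

// ConnectWithoutClientCert runs one handshake over an in-memory pipe and returns what each side saw.
// Under TLS 1.3 the client's Handshake can return nil; the rejection alert arrives on its first Read.
func ConnectWithoutClientCert() (clientErr, serverErr error) {
	cert, pool := selfSigned()
	c, s := net.Pipe()
	defer c.Close()
	done := make(chan error, 1)
	go func() {
		srv := tls.Server(s, &tls.Config{Certificates: []tls.Certificate{cert}, ClientAuth: tls.RequireAnyClientCert})
		err := srv.Handshake() // fails: the client sends an empty certificate list
		s.Close()
		done <- err
	}()
	cli := tls.Client(c, &tls.Config{RootCAs: pool, ServerName: "mtls.example.test"})
	if clientErr = cli.Handshake(); clientErr == nil {
		_, clientErr = cli.Read(make([]byte, 1))
	}
	return clientErr, <-done
}

func main() {
	fmt.Println(ConnectWithoutClientCert())
}
```

A client that treats a nil handshake error as "connected" will report success here and only fail later, so the first read or write has to be checked as well.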
