Clients and servers exchange and validate each other’s digital certificates. The following provides some details.
- The Windows client verifies the TLS-enabled server’s certificate against the Certificate Authority (CA) list. The client has to know about all of the CAs in the server’s certificate chain in order to validate the server certificate. The Windows CA certificate is installed using Microsoft Certificate Services. The certificate must be a trusted root certificate in the user or machine certificate store.
- The client connects to a TLS-enabled server.
- The TLS-enabled server sends its certificate to the client. The Windows server certificate is installed using Microsoft Certificate Services and is located in the user or machine certificate store. SAS uses the SSLCERTISS/SSLCERTSERIAL or the SSLCERTSUBJ/SSLCERTISS system options to locate the server certificate.
- The server can also validate the client’s certificates. Refer to the previous steps.
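
The store lookup and chain validation described above can be checked from PowerShell before SAS is started. This is an added example, not code from the SAS documentation: the issuer, serial and subject values are constructed placeholders, the function names are hypothetical, and the substring matching is an assumption that only approximates how the system options select a certificate.

```powershell
# Added example. Issuer, serial and subject values are constructed placeholders.
$Issuer  = 'Example Issuing CA'    # issuer string intended for SSLCERTISS
$Serial  = '01 23 45 67 89 ab'     # serial number intended for SSLCERTSERIAL
$Subject = ''                      # or the subject intended for SSLCERTSUBJ

function Find-ServerCertificate {  # hypothetical helper name
    param([string]$Issuer, [string]$Serial, [string]$Subject)
    # Windows exposes serial numbers as upper-case hex without separators.
    $wanted = ($Serial -replace '[\s:]', '').ToUpperInvariant()
    # Search the personal store of both the user and the machine.
    foreach ($store in 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My') {
        Get-ChildItem -Path $store | Where-Object {
            $_.Issuer -like "*$Issuer*" -and (
                ($wanted  -and $_.SerialNumber -eq $wanted) -or
                ($Subject -and $_.Subject -like "*$Subject*"))
        }
    }
}

function Test-CertificateChain {   # hypothetical helper name
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Local diagnostic only: revocation is not checked here.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    # Build() succeeds only if every CA in the chain is known and the
    # chain ends in a trusted root in the user or machine store.
    $valid = $chain.Build($Certificate)
    $top   = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    [pscustomobject]@{
        Subject       = $Certificate.Subject
        SerialNumber  = $Certificate.SerialNumber
        Thumbprint    = $Certificate.Thumbprint
        NotAfter      = $Certificate.NotAfter
        HasPrivateKey = $Certificate.HasPrivateKey   # a server certificate needs its key
        ChainValid    = $valid
        TopOfChain    = $top.Subject
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

$found = @(Find-ServerCertificate -Issuer $Issuer -Serial $Serial -Subject $Subject)
if ($found.Count -eq 0) {
    Write-Warning 'No matching certificate in the user or machine store.'
}
$found | ForEach-Object { Test-CertificateChain -Certificate $_ } | Format-List
```

A `ChainStatus` of `PartialChain` or `UntrustedRoot` means a CA from the server’s chain is missing from the stores the account can see, which is the condition the first step requires you to fix.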