- HTTPS Server Authentication is preferably used in combination with Client Authentication (mutual authentication), as this allows a secure configuration without the use of passwords.
- The purpose of Server Authentication is to secure the identity of an HTTP server and to encrypt the communication between client and server.
- The purpose of Client Authentication is to prove the identity of a client. Without proof of identity, any HTTP client could perform a man-in-the-middle attack, e.g. by pretending to be a Controller that connects to an Agent.
- Consider the communication scheme between JS7 components as explained in the JS7 - System Architecture article:
  - User browsers acting as HTTP clients establish connections to JOC Cockpit as an HTTP server.
  - JOC Cockpit acting as an HTTP client establishes connections to Controller instances acting as HTTP servers.
  - Controller instances acting as HTTP clients establish connections to Agents acting as HTTP servers.