
Can I use the same SSL/TLS certificate as both a "server" and "client"? [Resolved]

I have a proxy server. Clients connect to it over HTTPS, so it needs a server certificate. The proxy server also makes outgoing requests to other backend servers. One of those backend servers requires mutual TLS, so I also need a "client" certificate.

Is it ok to use one certificate for both cases? Is this a common practice, or do most choose to use 2 separate certificates?

Question Credit: Chris Sun
Asked June 14, 2019
Posted Under: Network
1 Answer

It could be done, but you probably don't want to.

It's technically possible for a TLS certificate to be used as both a server certificate and a client certificate. The TLS certificate for this very site has its key usage set that way, for instance.

[Image: certificate viewer for this site, titled "Certificate for *"]

But the server which requires a client certificate does so to authenticate the client. So it will want a specific certificate signed by a specific certificate authority. The TLS certificate you use for an Internet-facing server is probably not what you want in this case, as that server would find it much more difficult to limit which client certificates it accepted.

The server administrator of that backend server can issue the proper client certificate, or point you to the certificate authority who can.

credit: Michael Hampton
Answered June 14, 2019
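An added example (not from the answer or the original site) that replays the situation with Go's crypto/x509: the proxy's public certificate is issued by a constructed "Public Web CA" with both serverAuth and clientAuth, while the backend trusts only its own constructed "Backend Client CA". All names, CAs and keys are generated in memory and are assumptions for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue generates an in-memory certificate (constructed test data) for cn with
// the given extended key usages, signed by issuer, or self-signed as a CA if nil.
func issue(cn string, eku []x509.ExtKeyUsage, issuer *x509.Certificate, issuerKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: eku,
	}
	if issuer == nil { // self-signed root that may sign other certificates
		tmpl.BasicConstraintsValid, tmpl.IsCA, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		issuer, issuerKey = tmpl, priv
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, pub, issuerKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, priv
}

// acceptedFor is the peer's check: chain to a CA the peer trusts AND carry the purpose it needs.
func acceptedFor(cert, trustedCA *x509.Certificate, purpose x509.ExtKeyUsage) bool {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{purpose}})
	return err == nil
}

// scenario replays the question: a dual-purpose public cert vs. the backend's own client CA.
func scenario() (proxyAsServer, proxyAsClient, proxyAtBackend, issuedAtBackend bool) {
	publicCA, publicKey := issue("Public Web CA", nil, nil, nil)
	backendCA, backendKey := issue("Backend Client CA", nil, nil, nil)
	sAuth, cAuth := x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth
	proxy, _ := issue("proxy.example.com", []x509.ExtKeyUsage{sAuth, cAuth}, publicCA, publicKey)
	client, _ := issue("proxy-client", []x509.ExtKeyUsage{cAuth}, backendCA, backendKey)
	return acceptedFor(proxy, publicCA, sAuth), acceptedFor(proxy, publicCA, cAuth),
		acceptedFor(proxy, backendCA, cAuth), acceptedFor(client, backendCA, cAuth)
}
```

scenario() returns true, true, false, true: the public certificate's EKU makes it valid for both roles, but the backend still rejects it because it does not chain to the backend's client CA, whereas the certificate that CA issued is accepted.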