Arno Garrels wrote:
> If clients may connect from dynamic IP addresses a certificate
> can neither be issued to an IP nor to a DNS name, hence rather
> useless. In such case a good password is as secure as a client
> certificate that i.e. has some ID in it's common name field.

Not quite correct since a client certificate might be safer 
since the server will check client certificate's issuer.
However a client certificate including its key can be stolen or
given to some non-authorized third party.

> And if both clients and server are under your control it is
> not required to buy a certificate, just create your own CA
> and certificates (server and client if you like).

And if you prefer GUI over command line tools have a look at
XCA ( to manage you own CA.

Arno Garrels
To unsubscribe or change your settings for TWSocket mailing list
please goto
Visit our website at

Reply via email to