SSL CLIENT CERTIFICATE

 Every Web Browser can install SSL Client Certificates. From major companies such as Thawte you can get free Client Certificates attested to an e-mail address. These SSL certificates cannot be revoked and there is no recovery after a break in.

In case of institutions they could issue their own certificates to active members with the help of PKI. As a result the root CA may not be known outside the institution but the Subject field could be controlled and certificate revoked and reissued upon break in.

Institutions which need multiple methods of authentication may be requiring both Certificate and Username/Password for allowing access to sensitive information. As SSL Client Certificate includes more than one Subject name it might generate more than one Authetication Subject Entry.

Your SSL Client Certificate might be rejected due to the following reasons:

It may have been revoked
If it’s expired
If it has been issued by unrecognized CA