DLH said:
When a client with no DoD PKI certificate attempts to talk
to a Server PKI DoD Certificated computer with the Server
accept the client and issue a certificate or will it
reject the client? If the client is rejected how can it
talk to the Server?
Normally communication using certificates is over SSL (https).
Any client can communicate with a server possessing a certificate using SSL.
The key is whether mutual authentication is required. If it is, the authentication can be by password or certificate. In this case, the client has to provide authentication of itself. The server gets to decide whether the authentication is "sufficient" before it authorizes the client and performs the service that is requested.
In the case of the DoD, they are looking for a certificate signed by the DoD certificate authority(ies). If they don't find one, they will refer you to the "not authorized" message.
Ed
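
Added example, not part of the original thread: the trust decision described in the reply above, sketched in Go with a stand-in CA. The names `issue`, `authorize`, "Example Trusted CA" and "Some Other CA" are constructed for illustration and are not DoD values; only the certificate check is shown, not the full SSL handshake.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// issue makes a constructed test certificate; a nil issuer yields a self-signed CA.
func issue(cn string, issuer *tls.Certificate) *tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:   pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if issuer == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		issuer = &tls.Certificate{Leaf: t, PrivateKey: key}
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, issuer.Leaf, &key.PublicKey, issuer.PrivateKey)
	leaf, _ := x509.ParseCertificate(der)
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// authorize is the check a server makes when it requires client certificates
// (in crypto/tls: ClientAuth = RequireAndVerifyClientCert with ClientCAs = trusted CA).
func authorize(trustedCA, client *tls.Certificate) error {
	if client == nil {
		return errors.New("not authorized: no client certificate presented")
	}
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA.Leaf)
	_, err := client.Leaf.Verify(x509.VerifyOptions{Roots: roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err // nil = chains to the trusted CA; anything else is "not authorized"
}

func main() {
	ca, other := issue("Example Trusted CA", nil), issue("Some Other CA", nil)
	fmt.Println("no certificate:      ", authorize(ca, nil))
	fmt.Println("issued by trusted CA:", authorize(ca, issue("client-a", ca)))
	fmt.Println("issued by other CA:  ", authorize(ca, issue("client-b", other)))
}
```

Only the client whose certificate chains to the trusted CA gets a nil result; a client with no certificate, or one issued by a different CA, gets an error.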