In mutual TLS, during the client-authentication phase, a client proves its identity to the server by sending its client certificate (Certificate message). Additionally, it signs all previous handshake messages using its private key and sends the resulting hash (CertificateVerify message). The server uses this hash to validate the client's ownership of the certificate.

What is the security benefit of doing the CertificateVerify validation above? How can the cert be compromised while

The typical key storage/management logistics for a client key+cert is "bundled". Usually, when a server issues a client certificate to a particular client, it supplies key+cert (often bundled into a single PFX file, or a PEM file with both parts concatenated), and all client APIs (OpenSSL, curl, Node.js request, etc.) expect both key and cert to be supplied. Therefore, a client reasonably deals with key and cert local storage/protection the same way.

Since they're typically bundled, what benefit/reason is there for key-verification of a cert? Why would supplying just the cert not be good enough?
Official definition and reasoning (which is not convincing to me, per the above):