Skip to main content

© Securetron Inc. All rights reserved.

Templates | Compliance
SaaS | Enterprise | Community Edition

The Client-Server Identity Crisis: Why You Shouldn’t Use a Single Certificate for Both Roles

In the world of PKI and TLS, certificates are the digital passports that prove identity. But what happens when a single passport tries to claim two different, high-trust roles at the same time? This is the exact scenario we create when we combine serverAuth and clientAuth Extended Key Usages (EKUs) in a single certificate.

While technically possible, and sometimes convenient, this practice is a significant security anti-pattern. In this article, we’ll break down why this approach is dangerous, the principles it violates, and the correct way to architect your certificate strategy for robust security.

The All-in-One Certificate: A Tempting Shortcut

First, let’s understand what we’re talking about. An Extended Key Usage (EKU) is an X.509 extension that defines the purpose of a certificate. The two most common for TLS are:

  • serverAuth (OID: 1.3.6.1.5.5.7.3.1): Authorizes this certificate to authenticate a web server (e.g., for your HTTPS website).

  • clientAuth (OID: 1.3.6.1.5.5.7.3.2): Authorizes this certificate to authenticate a client (e.g., an API client, a user, or a service).

It’s common to see a certificate generated with both EKUs, especially in development or legacy systems:

bash
# The problematic "do-it-all" certificate
openssl req -new -key device.key -out device.csr \
  -addext "extendedKeyUsage = serverAuth, clientAuth"

The appeal is clear: simplicity. You manage one certificate instead of two. However, this convenience comes at a steep cost to your security posture.

The Core Problem: Violating the Principle of Least Privilege

The most critical security principle at stake is the Principle of Least Privilege (PoLP). This principle states that any entity (a user, a system, or a certificate) should be granted only the permissions absolutely necessary to perform its intended function—and no more.

A certificate with both serverAuth and clientAuth EKUs is inherently over-privileged.

  • A server’s job is to listen and respond to requests. It should not need the intrinsic authority to initiate requests as an authenticated client.

  • A client’s job is to initiate requests to trusted servers. It should not be able to impersonate a server.

By combining these roles, you create a dangerous blurring of lines. If an attacker compromises a server certificate that also has clientAuth privileges, they can now use that same credential to authenticate to other backend services that trust client certificates, potentially moving laterally through your network.

Think of it this way: The master key to a bank vault (server) should not also be the key to every safety deposit box (client) inside it.

Technical and Operational Headaches

Beyond the core security risk, mixed-role certificates create several practical problems.

1. Inappropriate Key Usage:
Server and client certificates often have different keyUsage extensions. A server typically needs keyEncipherment (for RSA key exchange), while a client often only needs digitalSignature. A combined certificate often ends up with an overly permissive key usage, further violating least privilege.

2. Complicated Lifecycle Management:
What happens when you need to rotate the certificate because a developer leaves, but it’s also used in a critical server role? Rotation becomes a high-risk, complex operation instead of a targeted, routine security practice.

3. Auditing and Compliance Nightmares:
Many security standards, such as PCI DSS, NIST, and SOC 2, implicitly or explicitly require role-based access control. Using combined certificates makes it difficult to demonstrate compliance and nearly impossible to cleanly answer the question, “Which systems use this certificate for client authentication?”

The Right Way: Purpose-Built Certificates

The solution is simple and elegant: issue separate, purpose-built certificates for each role.

1. Create a Dedicated Server Certificate:
This certificate should be used exclusively for hosting TLS services.

bash
# Generate a server-only certificate
openssl req -new -key server.key -out server.csr \
  -subj "/CN=api.production.example.com" \
  -addext "extendedKeyUsage = serverAuth" \
  -addext "keyUsage = digitalSignature, keyEncipherment"

2. Create a Dedicated Client Certificate:
This certificate should be used exclusively by clients to authenticate themselves.

bash
# Generate a client-only certificate
openssl req -new -key client.key -out client.csr \
  -subj "/CN=backend-service-account/O=MyOrg/OU=Client" \
  -addext "extendedKeyUsage = clientAuth" \
  -addext "keyUsage = digitalSignature"

Benefits of This Approach:

  • Contained Blast Radius: If a web server’s certificate is compromised, the attacker cannot reuse it to authenticate as a client.

  • Granular Control: You can revoke and rotate client and server certificates independently.

  • Clear Audit Trails: It’s immediately clear which certificate is used for which purpose.

  • Compliance-Friendly: Meets the requirements of modern security frameworks.

When Is It Ever Okay to Combine Them?

The exceptions to this rule are exceedingly rare and should be heavily justified.

  • Extremely Resource-Constrained Embedded Devices: In some IoT scenarios, where there is literally only space to store one certificate, this might be a necessary evil. However, the security risks must be carefully weighed and mitigated elsewhere.

  • Internal Service Mesh Proxies: Some advanced service mesh architectures (like Istio) use certificates for mutual TLS (mTLS) between proxies. In these highly controlled and specialized environments, the proxies might use a single certificate for both roles, but this is managed by the mesh control plane itself, not by application owners.

For 99% of use cases—including web applications, APIs, microservices, and service accounts—separate certificates are the only correct answer.

Conclusion: Specialization is a Feature, Not a Bug

In security, specialization is a strength. Just as you wouldn’t use a root CA certificate to sign daily emails, you shouldn’t use a single certificate to represent multiple, distinct machine identities.

By embracing a strategy of dedicated certificates for server and client authentication, you build a more resilient, manageable, and secure system. It’s a clear win that eliminates unnecessary risk and aligns with foundational cybersecurity principles. Ditch the combined certificate today and give your servers and clients the distinct, least-privileged identities they deserve by using PKI Trust Manager that enforces compliance and prevents bad practices.