TLS supports three authentication modes:
Two-way authentication: authentication of both parties. In this mode, both server and client will be authenticated.
One-way authentication: server authentication with an unauthenticated client. That means only the server is authenticated by the client, and the client won’t be authenticated by the server.
Total anonymity: the server and client won’t authenticate each other.
Table 1 shows the certificate requirement in each authentication mode for the HTTPS client and HTTPS server.
Part → --- Mode↓
Authentication of both parties
Server authentication with an unauthenticated client
rootcert, clientcert, clientkey
rootcert, servercert, serverkey