# SSL web service certificates
This article describes the client SSL certificates that are used to protect Signicat's SOAP web services as well as Signicat's standalone Session Data Storage (SDS) REST web service.
# How Signicat's web services are protected
Signicat's web services are protected with:
- A static password
- A client SSL certificate
You use the password and SSL certificate to access Signicat's SOAP services.
There is only one static password for a service. All applications that make a web service call to Signicat must use the same password. Applications should however not share the same client SSL certificate.
Signicat's production environment at id.signicat.com uses an SSL server certificate issued by GlobalSign (opens new window). This certificate is pre-installed as a trusted root certificate in the certificate archive of most browsers. This enables secure communication between the end-users and Signicat.
In addition, our web services run on the HTTPS protocol and depend on this SSL server certificate. Signicat's SSL certificate (or its root certificate) must be installed in the certificate store of the servers or applications where your integration with Signicat runs. You can read more about how to install Signicat's SSL certificate in your environment in the references at the end of this document.
# Unilateral and bilateral server authentication
Communication with web services can be based on unilateral server authentication, where the client knows the server's identity or on bilateral server authentication, where both ends of the "conversation" can be assured with whom they are communicating.
Signicat is already secured by the GlobalSign SSL server certificate. Your web application must use an SSL service certificate issued by Signicat to verify your identity.
You can read more about how to get the SSL certificate in our guide to obtaining a client SSL web service certificate.