使用相同的服务器SSL证书用于多种用途 [英] Using the same server SSL certificate for multiple purposes

问题描述

在与客户端应用程序（通过IIS）通信时，是否可以使用应用程序后端服务器的单个证书进行Windows推送通知身份验证
和 HTTPS加密？只要证书是由有效的受信任的根颁发机构颁发的，是否有任何理由可以解决这个问题？

Is it possible to use a single certificate of an app's backend server for both Windows Push Notifications authentication and HTTPS encryption when communicating with the client application (via IIS)? As long as the certificate is issued by a valid trusted root authority, are there any reasons why this couldn't work?

推荐答案

AFAIK，应该有效只要证书符合两个目的的要求。 

AFAIK, that should work as long as the certificate meets the requirements for both purposes. 

证书CN（发给...）必须与服务器主机名匹配，因此两个操作的服务器主机名必须相同。  （WP < - > Web服务< - > MPN服务） 

The certificate CN (issued to...) must match the server host name so the server host name must be the same for both operations.  (WP <-> Web Service <-> MPN service) 

对于您的Web服务和Microsoft推送通知服务之间的通信，证书用作"客户端"。证书，所以它需要包括扩展密钥使用：客户端身份验证（1.3.6.1.5.5.7.3.2）。

For communication between your web service and Microsoft Push Notification Service the certificate is used as a "client" certificate so it needs to include Extended Key Usage: Client Authentication (1.3.6.1.5.5.7.3.2).

并将它用作您的Web服务SSL（服务器）证书它也需要包括扩展密钥用法：服务器认证（1.3.6.1.5.5.7.3.1）

And to use it as your web services SSL (server) certificate it also needs to include Extended Key Usage: Server Authentication (1.3.6.1.5.5.7.3.1)

这篇关于使用相同的服务器SSL证书用于多种用途的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！