我将如何生成Identity Server签名证书 [英] How would I generate the Identity Server signing certificate
问题描述
在身份服务器示例中,我们在Startup.cs
In the identity server samples we find code like this in Startup.cs
var certFile = env.ApplicationBasePath + "\\idsrv3test.pfx";
var signingCertificate = new X509Certificate2(certFile, "idsrv3test");
在生产情况下我该如何替换呢?
How would I go about replacing this for production scenarios?
推荐答案
通过您的PKI或自行生成一个证书来获取专用证书:
Get a dedicated cert - either via your PKI or self-generate one:
http://brockallen.com /2015/06/01/makecert-and-creating-ssl-or-signing-certificates/
将密钥对导入Windows证书存储区,并在运行时从那里加载它.
Import the key pair into the Windows certificate store, and load it from there at runtime.
为了加强安全性,有些人将密钥部署到专用设备(称为HSM)或专用计算机(例如,在防火墙后面). ITokenSigningService
允许将实际的令牌签名移动到该单独的计算机上.
To step up security, some people deploy the keys to a dedicated device (called an HSM) or to a dedicated machine (e.g. behind a firewall). The ITokenSigningService
allows moving the actual token signing to that separate machine.
这篇关于我将如何生成Identity Server签名证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!