我将如何生成Identity Server签名证书 [英] How would I generate the Identity Server signing certificate

问题描述

在身份服务器示例中，我们在Startup.cs

In the identity server samples we find code like this in Startup.cs

var certFile = env.ApplicationBasePath + "\\idsrv3test.pfx";

var signingCertificate = new X509Certificate2(certFile, "idsrv3test");

在生产情况下我该如何替换呢?

How would I go about replacing this for production scenarios?

推荐答案

通过您的PKI或自行生成一个证书来获取专用证书:

Get a dedicated cert - either via your PKI or self-generate one:

http://brockallen.com /2015/06/01/makecert-and-creating-ssl-or-signing-certificates/

将密钥对导入Windows证书存储区，并在运行时从那里加载它.

Import the key pair into the Windows certificate store, and load it from there at runtime.

为了加强安全性，有些人将密钥部署到专用设备(称为HSM)或专用计算机(例如，在防火墙后面). ITokenSigningService允许将实际的令牌签名移动到该单独的计算机上.

To step up security, some people deploy the keys to a dedicated device (called an HSM) or to a dedicated machine (e.g. behind a firewall). The ITokenSigningService allows moving the actual token signing to that separate machine.

这篇关于我将如何生成Identity Server签名证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！