Identityserver4: Self-signed certificate

Created on 11 Aug 2017  路  3Comments  路  Source: IdentityServer/IdentityServer4

Hello
I'm starting to read about identityserver4 and running tests
Some issues I have had difficulty finding
I would be grateful if anyone could help me

1 - From what I read it's okay to use a self-signed certificate. Proceed?

2 - Where to store certificate? I have stored examples in the project folder but it looks strange. The ideal solution would be to store for example in a 'Key Vault (azure)'?

Thank you

picture krgm03

All 3 comments

I believe you are confusing certificates with keys. The certificate is a public document. The private key needs to be stored in a key vault of some sort. Self-signed certs only prove that you are the same person/site that you were yesterday. They imply no level of trust what-so-ever. If you are required to have https, then a self-signed cert is a good way to satisfy that requirement.

This has nothing to do with identity server. Please close this issue.

TomCJones picture TomCJones on 11 Aug 2017
👎2 👍1

Thanks for listening

I'm not an expert, but I know certificate and keys are different things. Anyway thank you very much for the simple explanation.

The intent was basically to know how developers have done in production to handle the 'Token signing and validation' topic that is listed at https://identityserver4.readthedocs.io/en/release/topics/crypto.html
And I thought here would be a good place to get something

Thank you!

krgm03 picture krgm03 on 11 Aug 2017

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

lock[bot] picture lock[bot] on 14 Jan 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

not-good-with-usernames picture not-good-with-usernames  路  3Comments
user1336 picture user1336  路  3Comments
klioqc picture klioqc  路  3Comments
ekarlso picture ekarlso  路  3Comments
brockallen picture brockallen  路  3Comments