Tuesday 15 February 2011

Azure - Guidance on Thinktecture IdentityServer v3 - certificates




I am working on a demo of Thinktecture IdentityServer v3. The intention is to have the identity server run as its own website under Azure Websites.

There will be other (more than one) Azure Websites that utilize the identity server to authenticate users.

Based on the getting started walkthrough (see https://github.com/thinktecture/thinktecture.identityserver.v3/wiki/getting-started) I have this mostly working.

Where I am having a problem is with certificates.

For the demo, I'd like to create my own certificate - but I am unsure of what I need to do. Any guidance would be helpful.

Other questions I have on this:

Are self-signed certificates able to be used? In a production scenario, would self-signed certificates be acceptable, or would they need to be signed by a trusted root authority? How would these certificates be installed into an Azure website (or can I load from disk)?

Well - strictly speaking you need 2 certificates - 1 for SSL and 1 for signing - technically they could be the same - but they don't have to be. They also have different requirements.

For SSL - you need to have a cert that is in the trusted list of your clients. Typically this is either a cert from a commercial CA - or from an internal PKI.

For the signing cert - you can generate your own - e.g. using makecert.

IdSrv is pretty flexible in loading certs - you can retrieve them from arbitrary sources - typically from the Windows certificate store (when you have admin level access to the server) - or the file system, or from an embedded resource.

Our sample host uses the embedded resource approach, which would work fine for Azure Websites. For production scenarios you typically want more flexibility (e.g. roll over) - loading from e.g. blob storage.
