堆栈内存溢出
  简体   繁体   English

了解服务器安全证书

[英]Understanding Server Security Certificates

 原文  2016-04-04 06:43:49       security/ certificate/ saml-2.0/ signing/ kentor-authservices

问题描述

Am presently implementing Single-Sign-On within my MVC application using Kentor.AuthServices. 我目前正在使用Kentor.AuthServices在我的MVC应用程序中实现单点登录。 The configuration contains two elements - < signingCertificate > and < serviceCertificates >, which appear to point to X.509 certificates on the local machine. 该配置包含两个元素 - <signingCertificate>和<serviceCertificates>,它们似乎指向本地计算机上的X.509证书。

Now I guess these certificates are different to the ones installed for SSL? 现在我猜这些证书与为SSL安装的证书不同? The documentation refers to these as "signing" certificates. 文档将这些称为“签名”证书。 The only links I've seen so far seem to aimed towards making your own "self-signed" certificates. 到目前为止,我见过的唯一链接似乎是为了制作自己的“自签名”证书。 I guess these can't be used on the live application? 我想这些不能用于实时应用程序? If not, how do I go about obtaining such a certificate? 如果没有,我该如何获得这样的证书?

2 个解决方案

解决方案1
 3 已采纳  2016-04-04 13:32:35

There are two places in the AuthServices config that contains certificates. AuthServices配置中有两个包含证书的位置。

  • The signingCertificate is a certificate that refers to the certificate that the Idp uses to sign the SAML2 assertions it create. signingCertificate是一个证书,它引用Idp用于签署其创建的SAML2断言的证书。 Easiest is to let AuthServices load this as part of the Idp metadata, but if that is not possible you can download the certificate and configure it. 最简单的方法是让AuthServices将其作为Idp元数据的一部分加载,但如果不可能,则可以下载证书并进行配置。 You only need the public key (typically .cer file) of this certificate. 您只需要此证书的公钥(通常是.cer文件)。 The Idp should keep it's private key well secured. Idp应该保证它的私钥安全。

  • The serviceCertificate is the other way around - that is what AuthServices uses to sign outgoing requests (if that is needed, in simple setups it isn't). serviceCertificate是另一种方式 - 这就是AuthServices用于签署传出请求的方式(如果需要,则在简单设置中不是这样)。 SAML2 contains it's own means of distributing certificates (through metadata) so a self signed cert will often do. SAML2包含它自己的分发证书的方式(通过元数据),因此自签名证书通常会这样做。

解决方案2
 0  2016-04-04 06:50:25

A signing certificate is a cert with it's purpose flags set to allow it to be used for code signing. 签名证书是一个证书,其目的标志设置为允许它用于代码签名。 A normal SSL/TLS server cert normally do not have that flag set. 普通的SSL / TLS服务器证书通常没有设置该标志。 You can get a signing cert from (most of) the same CAs that sell server certificates, but the price (and paperwork) for a code signing cert is usually different. 您可以从(大多数)销售服务器证书的相同CA获得签名证书,但代码签名证书的价格(和文书工作)通常是不同的。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 WCF安全 - 证书 - WCF Security - Certificates 中间安全证书中的TLS男子 - TLS man in the middle security certificates 通过证书具有运输安全性的WCF - WCF with transport security via certificates 了解JavaScript安全模型 - understanding JavaScript security model 了解Web服务器上的LinkDemand安全性 - Understanding LinkDemand Security on a webserver 了解安全性和秘密密钥 - Understanding Security and Secret Keys WCF服务,SSL,消息安全性和数字证书 - WCF services, SSL, message security and digital certificates 邮件应用程序仅获得一次安全证书 - Messaging Application only gets Security Certificates Once WCF - 使用证书使用Message Security对客户端进行身份验证 - WCF - Authenticate the client with Message Security using Certificates WCF传输安全性,动态更改证书 - WCF transport security, changing the certificates dynamically
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM