Identity Server 4 should use certificate-signed tokens in production. Is it safe to sign tokens with a self-signed certificate?
Published 2022-11-15 11:15:08
That is for your organization to decide.
The biggest challenge with self-signed certificates is that security teams often lack visibility over how many they have, where they are installed, who owns them, and how the private key is stored. It's hard enough keeping track of certificates issued by a number of different public and private CAs. It's virtually impossible to keep track of self-signed certificates issued without any formal request or approval process.
If the corporate network is breached, there is no way of knowing if a self-signed certificate (and its private key) has been compromised. Compromised self-signed certificates can pose many security challenges, since attackers can spoof the identity of the victim. Unlike CA-issued certificates, self-signed certificates cannot be revoked. The inability to quickly find and revoke the private key associated with a self-signed certificate creates serious risk.
https://www.keyfactor.com/blog/self-signed-certificate-risks/
The risks of using self-signed certificates are well documented via your favourite search engine. Whether that is an acceptable risk for your use case and your organization is a decision you have to make on your end.
https://stackoverflow.com/questions/74444400
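As an added example (not part of the question or the answer above, and not IdentityServer4 code), this is the check a practitioner would run on a certificate before handing it to IdentityServer4's AddSigningCredential(): is it self-signed (issuer equals subject), and does it carry any revocation pointer (a CRL distribution point or an OCSP responder) that a CA-issued certificate would normally have? The script generates a constructed, throwaway self-signed certificate so it runs offline; the subject name, the temporary file paths and the function names are my own assumptions. It needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example, not from the original post: classify a token-signing
# certificate as self-signed or CA-issued and report whether it carries
# any revocation pointers. Requires the openssl CLI.
set -eu

# Generate a throwaway self-signed certificate in a temp dir. This is a
# constructed sample standing in for the certificate you would load into
# AddSigningCredential(); any real PEM certificate works the same way.
make_self_signed_sample() {
  dir="$(mktemp -d)"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=idsrv-token-signing-sample" \
    -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1
  echo "$dir/cert.pem"
}

# Prints "self-signed" or "ca-issued". A self-signed certificate has
# issuer == subject and can only be verified against itself.
classify_cert() {
  cert="$1"
  subject="$(openssl x509 -in "$cert" -noout -subject)"
  issuer="$(openssl x509 -in "$cert" -noout -issuer)"
  if [ "${subject#subject=}" = "${issuer#issuer=}" ]; then
    echo "self-signed"
  else
    echo "ca-issued"
  fi
}

# Prints "revocation-info" if the certificate carries a CRL distribution
# point or an OCSP responder (Authority Information Access), otherwise
# "no-revocation-info". Without either there is nothing to revoke
# against, which is the point the quoted passage makes.
revocation_info() {
  cert="$1"
  text="$(openssl x509 -in "$cert" -noout -text)"
  if printf '%s' "$text" | grep -qE 'CRL Distribution Points|OCSP - URI'; then
    echo "revocation-info"
  else
    echo "no-revocation-info"
  fi
}

main() {
  # Use the certificate given on the command line, else the sample.
  cert="${1:-$(make_self_signed_sample)}"
  echo "$cert: $(classify_cert "$cert"), $(revocation_info "$cert")"
}

main "$@"
```

Run it with the path of a real signing certificate as the first argument to classify your own. Keep in mind that OpenID Connect clients verify IdentityServer4 tokens against the public key the server publishes at its jwks_uri (matched by kid), not by building a chain to a CA, so whether the signing certificate is self-signed mostly changes how the key is inventoried, rotated and retired, which is exactly the concern the quoted passage raises.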