Configure Token Signing Certificate


Certificates are fundamental to the security and functionality of IdentityServer. They serve as digital identities that verify the authenticity of the server and the clients interacting with it.

In the context of IdentityServer, certificates play a pivotal role in:

  • IdentityServer uses a certificate to digitally sign the tokens it issues, which establishes trust between IdentityServer and its clients.
  • The signature ensures that a token has not been tampered with in transit. A client verifies a token by validating its signature against the public key of the certificate that signed it; the private key never leaves the server.

Types of Certificates Used in IdentityServer

  • Self-Signed Certificates: Created by the server itself. While convenient, they lack the trust associated with certificates issued by a trusted Certificate Authority (CA).
  • CA-Issued Certificates: Issued by a trusted CA, providing higher levels of trust and security.

By understanding the role of certificates in IdentityServer and implementing them correctly, you can significantly enhance the security and reliability of your authentication and authorization infrastructure.

Note: The uploaded certificate must contain its private key; a certificate-only export cannot be used to sign tokens.
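The two points above (the client-side signature check, and the requirement that the .pfx carry its private key) as an added example that is not part of this page or of IdentityServer itself. It uses the third-party Python `cryptography` package and builds a constructed, self-signed test certificate in memory; the password, subject name and claims are assumed values for the demonstration.

```python
"""Added example: pre-upload check of a .pfx signing certificate and a
client-side RS256 signature check against the certificate's public key.
Not IdentityServer code; the certificate below is a constructed test cert."""
import base64
import datetime
import json
from typing import Optional

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.serialization import pkcs12
from cryptography.x509.oid import NameOID


def make_test_pfx(password: bytes, include_private_key: bool = True) -> bytes:
    """Build a constructed self-signed cert and export it as a password-protected
    .pfx. With include_private_key=False the bundle mimics a cert-only export,
    which IdentityServer cannot use for signing."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "idsrv-signing-test")])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=5))
        .not_valid_after(now + datetime.timedelta(days=365))
        .sign(key, hashes.SHA256())
    )
    return pkcs12.serialize_key_and_certificates(
        name=b"signing",
        key=key if include_private_key else None,
        cert=cert,
        cas=None,
        encryption_algorithm=serialization.BestAvailableEncryption(password),
    )


def pfx_has_private_key(pfx_bytes: bytes, password: bytes) -> bool:
    """Pre-upload check matching the page's note: the .pfx must carry the key."""
    key, cert, _ = pkcs12.load_key_and_certificates(pfx_bytes, password)
    return key is not None and cert is not None


def public_cert_pem(pfx_bytes: bytes, password: bytes) -> bytes:
    """What a client is given: only the certificate (public key), never the .pfx."""
    _, cert, _ = pkcs12.load_key_and_certificates(pfx_bytes, password)
    return cert.public_bytes(serialization.Encoding.PEM)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(pfx_bytes: bytes, password: bytes, claims: dict) -> str:
    """Server side: sign a compact JWS (RS256) with the private key from the .pfx."""
    key, _, _ = pkcs12.load_key_and_certificates(pfx_bytes, password)
    if key is None:
        raise ValueError("signing certificate has no private key")
    header = {"alg": "RS256", "typ": "JWT"}
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = key.sign(signing_input.encode(), padding.PKCS1v15(), hashes.SHA256())
    return signing_input + "." + _b64url(sig)


def verify_token(token: str, cert_pem: bytes) -> Optional[dict]:
    """Client side: accept the token only if the header says RS256 and the
    signature verifies under the certificate's public key. Returns the claims
    on success, None on a tampered payload, wrong certificate or bad header."""
    cert = x509.load_pem_x509_certificate(cert_pem)
    try:
        head, body, sig = token.split(".")
        if json.loads(_b64url_decode(head)).get("alg") != "RS256":
            return None  # refuse algorithm substitution (e.g. "none")
        cert.public_key().verify(
            _b64url_decode(sig), f"{head}.{body}".encode(),
            padding.PKCS1v15(), hashes.SHA256(),
        )
    except (ValueError, InvalidSignature):
        return None
    return json.loads(_b64url_decode(body))


if __name__ == "__main__":
    pw = b"test-password"  # constructed value
    pfx = make_test_pfx(pw)
    print("pfx has private key:", pfx_has_private_key(pfx, pw))
    tok = sign_token(pfx, pw, {"sub": "alice", "iss": "https://idsrv.example"})
    print("verified claims:", verify_token(tok, public_cert_pem(pfx, pw)))
```

Run `pfx_has_private_key` against the file you are about to upload; if it returns False the upload will not produce a usable signing certificate. `verify_token` shows why the client never needs the .pfx: the certificate alone is enough to detect a modified payload or a token signed by some other key.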


How to configure the certificate for Identity Server?

Step 1: Go to the Identity Server dashboard and click on the Identity Server section


Step 2: Enable the Edit Signing Certificate section -> upload the .pfx signing certificate -> enter the certificate password -> click Validate Certificate, which is located at the end of the page

IdentityServer will use this certificate to sign the tokens it issues and to establish trust between IdentityServer and its clients.


Note: This certificate can be configured from Identity Server and Winconsole only.