Configure Token Signing Certificate
Certificates are essential for securing the WinConsole, serving as digital identities to verify the authenticity of both the server and the clients.
In the context of the WinConsole, certificates are critical for ensuring security:
- They are used to digitally sign the tokens issued by the Identity Server, establishing trust between the server and clients.
- This guarantees the integrity of the tokens, ensuring they haven’t been tampered with during transmission.
- Clients can verify the authenticity of a token by validating its signature against the public key of the certificate used to sign it.
Types of Certificates Used in WinConsole
- Self-Signed Certificates: Created by the server itself. While convenient, they lack the trust associated with certificates issued by a trusted Certificate Authority (CA).
- CA-Issued Certificates: Issued by a trusted CA, providing higher levels of trust and security.
By understanding the role of certificates in WinConsole and implementing them correctly, you can significantly enhance the security and reliability of your authentication and authorization infrastructure.
Note: The certificate must include its private key.
Step 1: Go to the WinConsole settings and click the Identity Server section.
Step 2: Click Select certificate, upload the .pfx signing certificate with its private key, enter the certificate password, then click Validate Certificate at the end of the page.
This certificate will be used to sign the tokens it issues and establish the trust between IdentityServer and clients.
Note: This certificate can be configured by Identity Server and WinConsole.
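
A pre-upload check for the .pfx from Step 2, as an added example that is not part of WinConsole or Identity Server: it confirms the file carries a private key, then signs a constructed payload and verifies it with the public key only, as a client would. The function name `Test-SigningPfx`, the file path, and the choice of an RSA key with SHA-256 are assumptions.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Added example, not WinConsole code. Assumes an RSA key and .NET Framework 4.7.2+ or PowerShell 7.
function Test-SigningPfx {
    param(
        [Parameter(Mandatory)] [string]$Path,
        [Parameter(Mandatory)] [securestring]$Password
    )
    # EphemeralKeySet keeps the private key in memory only for the duration of the check.
    # A wrong password or a corrupt file throws here, before anything is uploaded.
    $cert = [X509Certificate2]::new($Path, $Password, [X509KeyStorageFlags]::EphemeralKeySet)
    try {
        $now = Get-Date
        $result = [ordered]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            HasPrivateKey = $cert.HasPrivateKey
            InValidity    = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
            SelfSigned    = $cert.Subject -eq $cert.Issuer   # heuristic: subject equals issuer
            SignVerifyOk  = $false
            TamperCaught  = $false
        }
        $priv = if ($cert.HasPrivateKey) { [RSACertificateExtensions]::GetRSAPrivateKey($cert) }
        if ($priv) {
            # Constructed sample payload standing in for a token: sign with the private key...
            $data = [Text.Encoding]::UTF8.GetBytes('constructed-sample-token-payload')
            $sig  = $priv.SignData($data, [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
            # ...and verify with the public key only, as a client would.
            $pub  = [RSACertificateExtensions]::GetRSAPublicKey($cert)
            $result.SignVerifyOk = $pub.VerifyData($data, $sig, [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
            # Flip one bit of the payload: verification must now fail.
            $data[0] = $data[0] -bxor 1
            $result.TamperCaught = -not $pub.VerifyData($data, $sig, [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
        }
        [pscustomobject]$result
    }
    finally { $cert.Dispose() }
}

# Placeholder path (assumption); the password is prompted for, never hard-coded.
Test-SigningPfx -Path 'C:\certs\token-signing.pfx' -Password (Read-Host 'PFX password' -AsSecureString)
```

A file suitable for upload reports `HasPrivateKey`, `InValidity`, `SignVerifyOk` and `TamperCaught` as `True`; `SelfSigned` shows which of the two certificate types described above you are about to upload.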