Skip to content
This repository has been archived by the owner on Sep 18, 2021. It is now read-only.

I have an SSL Certificate used for my website, can I use the same cert for signing tokens? #2888

Closed
anilchinnu21 opened this issue May 17, 2016 · 2 comments
Closed

I have an SSL Certificate used for my website, can I use the same cert for signing tokens? #2888

anilchinnu21 opened this issue May 17, 2016 · 2 comments
Labels
question

Comments

@anilchinnu21
Copy link

anilchinnu21 commented May 17, 2016
edited

Question / Issue

I have an SSL Certificate used for my website, can I use the same cert for signing tokens?
@lukos
Copy link

lukos commented May 18, 2016

You technically can but consider that it is probably slightly less secure than it would be in IIS (or at least not tested as much). It would make more sense to buy a basic cheap certificate and use that. If it is stolen or suspected stolen, you can easily update the JWT key list and you don't have to update your web site etc.

@brockallen
Copy link
Member

You can use a self-signed cert for the token signing (and it should be different from the SSL cert).

https://brockallen.com/2015/06/01/makecert-and-creating-ssl-or-signing-certificates/

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lukos @brockallen @anilchinnu21