Problem description
I set up my own OpenID provider on my personal server, and added a redirect to https in my Apache config file. When not using a secure connection (when I disable the redirect) I can log in fine, but with the redirect I can't log in, and I get this error message:
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
I'm guessing that this is because I am using a self-signed certificate.
Can anyone confirm if the self-signed certificate is the issue? If not, does anyone have any ideas what the problem is?
Recommended answer
The primary benefit of using SSL for your OpenID URL is that it gives the relying party a mechanism to discover if DNS has been tampered with. It's impossible for the relying party to tell if an OpenID URL with a self-signed certificate has been compromised.
There are other benefits you get from using SSL on your provider's endpoint URL (easier to establish associations, no eavesdropping on the extension data) which would still hold if you used a self-signed cert, but I would consider those to be secondary.
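The answer's main point, shown as an added example that is not part of the original answer: a relying party validating against its trust store rejects any self-signed certificate, and two self-signed certificates for the same host name look the same to it unless a trust anchor was shared out of band. The host name `openid.example.test` and the function names are assumptions made for this sketch, which needs the `openssl` command-line tool.

```shell
# Constructed demo; openid.example.test is a placeholder host name.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Create a self-signed certificate for host $1 at $2.pem (key in $2.key).
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1" -keyout "$2.key" -out "$2.pem" >/dev/null 2>&1
}

# Relying-party check: does certificate $1 chain to a trusted root?
# Optional $2 is an extra trust anchor (a pinned certificate or private CA).
rp_trusts() {
  if [ -n "${2:-}" ]; then
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
  else
    openssl verify "$1" 2>/dev/null | grep -q ': OK$'
  fi
}

subject_of()     { openssl x509 -in "$1" -noout -subject; }
fingerprint_of() { openssl x509 -in "$1" -noout -fingerprint -sha256; }

# Two unrelated parties each mint a certificate for the same OpenID host.
make_self_signed openid.example.test "$workdir/owner"
make_self_signed openid.example.test "$workdir/other"

for who in owner other; do
  if rp_trusts "$workdir/$who.pem"; then verdict=trusted; else verdict=rejected; fi
  echo "$who: $(subject_of "$workdir/$who.pem") -> $verdict"
done

# Only a trust anchor distributed out of band tells the two apart.
if rp_trusts "$workdir/owner.pem" "$workdir/owner.pem"; then
  echo "owner: accepted when pinned"
fi
if ! rp_trusts "$workdir/other.pem" "$workdir/owner.pem"; then
  echo "other: rejected against the owner's pin"
fi
```

Both certificates carry the same subject and are rejected by the default trust store, so a relying party that has not been given the owner's certificate in advance has no basis for preferring one over the other.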