
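We have a backend server that serves a multi-platform application that will launch on iOS, Windows 8, Windows Phone 8 and Android. We would like to use as few certificates as possible in production (preferably just one) for the following purposes:

  • Secure communication with the client applications (HTTPS)
  • Authentication to the Windows Phone push notification service
  • Authentication to the Apple Push Notification service

Apart from making sure that the certificate is issued by a common trusted root authority, are there any other obstacles that would prevent a single certificate from being used for all of these at once? Is this a viable possibility, or is it necessary to use one certificate for each of the purposes above?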


1 Answer


Gabriel, I guess there is a problem. The main one is that an HTTPS certificate's private key cannot be coded with a secret; this kind of certificate consists of *.crt and *.key files, which are not secured. When you want to authenticate yourself or a server to some service, for example Windows Phone push as you have listed, there is a need to create a hash for your private key with a secret, aka a PIN or password. That makes you use at least two different certificates.


The second thing is that the purpose of using certificates is to validate the issuer and to authenticate the user/service provider. An HTTPS SSL certificate issued by a trusted CA shows the user, "Hey, this is a trusted website; you should not be afraid of passing sensitive data through the service," and the certificates which are used to authenticate are just saying, "Hey, it's me, I am authorized to use this application."
The purposes of those certificates are different, so the certificates themselves should be different. Using the same cert for actions like the ones you have listed causes unnecessary vulnerabilities and is highly NOT RECOMMENDED.

Answered 2013-04-24T08:37:53.607