Self-signed server certificateBy default, the Authentication Server a self-signed certificate that is created . This means that web browsers will warn users about an untrusted server certificate when they first access the Authentication Server. When users choose to trust the server certificate, the warning message disappears. CA-signed server certificateFor production environments, it is highly recommended to use a certificate signed by trusted certificate authorities (CA). For changing the self-signed certificate to a CA certificate, visit Changing the SSL certificate page. Deployment on clusterIf the Authentication Server is deployed on a cluster, all service instances should use the same keystore. When using an automatically created keystore with a self-signed certificate, just copy the keystore file from one instance to all the other ones.
|