
Background:

We have to implement a custom authentication mechanism for identifying and authenticating my client's applications; initial details can be found here.

Finally, we have come to the conclusion that we will simply use a self-signed certificate for encryption and decryption of the JWT token.

Now I'm figuring out the answers to the following questions:

Are there any dotnet libraries available for creating a self-signed certificate, or should I write my own code for the same?

If I would be issuing a self-signed certificate to my different clients for secure authentication and communication, then how would that certificate be updated on the client machine after expiry?

Edit:

The client needs to sign the JWT token using the issued certificate before sending it back to my application.

Deepak
  • Why do you encrypt the JWT token? That's not how it's supposed to work. – DiplomacyNotWar Mar 20 '19 at 07:00
  • JWT token should be sent via a secure transport layer. There is no point in encrypting or decrypting it. – Vaptsarov Mar 20 '19 at 07:05
  • I will not encrypt/decrypt the JWT token; instead, the client needs to sign the JWT using the issued certificate and then send it back to my application. Any thoughts? – Deepak Mar 20 '19 at 07:16

0 Answers