SSL Certificates
Secure Sockets Layer (SSL) is the most common client-server encryption scheme used on the Web today. Most browsers support SSL transactions, and enabling SSL on a server platform is usually simple.
For Microsoft® .NET Passport single sign-in (SSI) service or for obtaining core profile information, SSL support is not strictly required. However, SSL is required to implement the SSL Required level of SSL sign-in.
Your site will need to obtain and install SSL certificates for proper cobranding support under certain circumstances. SSL is also a requirement for cobranding registration pages, because your cobranding information renders in the same page as the .NET Passport-initiated user interface (UI). Microsoft .NET Passport's portion must be served over HTTPS so that the user's password is always passed using encryption.
HTTPS is required for cobranding because of the way browsers behave when presented with a page that contains both secure and nonsecure elements. Some browsers give a specific "mixed-content" warning message to protect users from framing or "spoofing" situations, where data could be captured or redirected to some other non-SSL domain hosted within an SSL frame. Because this warning message interferes with the end-user experience, all .NET Passport server pages that use cobranding perform prerendering checks for mixed content and discard any cobranding material supplied by your site that would cause a mixed-content warning to appear. Microsoft .NET Passport defaults are rendered so that the pages are either 100% SSL content or 100% non-SSL content, but never a mixture that triggers the warning.
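A site can run a comparable check on its own cobranding HTML before supplying it. The following is an added example, not code from .NET Passport or Microsoft; the function names, the list of tags inspected, and the sample fragment and URLs are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs a browser fetches while rendering; <a href> is navigation
# and is excluded. The list is an assumption, not Passport's own rule set.
SUBRESOURCE_ATTRS = {
    ("img", "src"), ("script", "src"), ("iframe", "src"), ("frame", "src"),
    ("embed", "src"), ("input", "src"), ("object", "data"),
    ("body", "background"), ("table", "background"), ("td", "background"),
}

class MixedContentFinder(HTMLParser):
    """Collects subresources that would not load over HTTPS."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.insecure = []  # (tag, attribute, resolved URL)

    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower().split()
        for name, value in attrs:
            fetched = (tag, name) in SUBRESOURCE_ATTRS or (
                tag == "link" and name == "href" and "stylesheet" in rel)
            if not fetched or not value:
                continue
            # Resolve relative and //host references; accept only https (conservative).
            resolved = urljoin(self.page_url, value.strip())
            if urlsplit(resolved).scheme != "https":
                self.insecure.append((tag, name, resolved))

def find_mixed_content(html, page_url):
    """Return nonsecure subresources in html when it is served at page_url."""
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.insecure

# Constructed sample fragment and page URL (not real Passport values).
SAMPLE_PAGE_URL = "https://login.example.net/register"
SAMPLE_COBRAND = """
<td background="/img/bg.gif">Sign in with Example Co</td>
<img src="http://www.example.com/logo.gif" alt="Example Co">
<img src="//static.example.com/banner.gif">
<link rel="stylesheet" href="http://www.example.com/cobrand.css">
<a href="http://www.example.com/help">Help</a>
<script src="https://www.example.com/cobrand.js"></script>
"""

if __name__ == "__main__":
    print(find_mixed_content(SAMPLE_COBRAND, SAMPLE_PAGE_URL))
```

Relative and protocol-relative references pass because they inherit the page's HTTPS scheme; only the absolute `http://` image and stylesheet are reported.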
If you are implementing Kids Passport, the Account Data and Account Removal pages should also be served over HTTPS.
Installing SSL Certificates on a Server
This documentation does not discuss obtaining or installing SSL certificates, because the particulars involved vary, depending on which server your site uses and also on whether your site supports its own certificate service or relies on one of the commonly used certification authorities. If you are using Microsoft® Internet Information Services (IIS), see "Certificate Wizard" in the IIS documentation.
Installing SSL Certificates on a Browser
This documentation also does not discuss how to install or approve an SSL certificate on a client browser. Browser users must specifically accept any certificate not issued by a trusted root domain, and the list of certification authorities potentially varies with each browser and each version thereof. Sites operating live in the Production environment should hold certificates issued by one of the commonly accepted certification authorities. If it is necessary to install or accept a specific certificate (for example, if the browser is being used to view a site using a test certificate not issued by a common certification authority), consult the documentation that comes with that particular browser and review the procedures for accepting or importing SSL certificates.
See Also
.NET Passport System Requirements | .NET Passport Cobranding Overview | SSL Sign-In