
Improve mTLS sample Docs #698

@AndersAbel

The docs mention that the hosts file needs to be patched. The readme is more detailed and also mentions certificates required.

We should add the certificate steps to the docs, or at least reference the readme with instructions.

It's probably a good idea to point out that the certificates should be removed from trusted root once done.

If possible, we should rework the setup to generate the certificates locally on the dev machine (just like the ASP.NET dev cert). Getting people to add a certificate with a publicly known private key as a trusted root is a security no-no.

We should also try and add more guidance on how to move to production:

  • Add specific documentation on configuring IIS, Nginx, Apache, ... in combination with Kestrel
  • How to load certificate data from a cert store / keyring / vault
  • Configuring Identity Server to enable mTLS in production environments
  • Allowing one or more domains when using client authentication

Improve dev loop as well:

  • mkcert explanation
  • Kestrel-only documentation? For local dev
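
One way to generate the certificates locally, as the issue proposes, so that no two machines share a root key. This is an added example, not the project's setup script; it assumes OpenSSL 1.1.1 or later on the PATH, and the CA name, file names and function names are constructed for illustration.

```shell
#!/bin/sh
# make_dev_pki DIR HOST: throwaway CA plus server and client certs, all keys generated locally.
make_dev_pki() {
  dir=$1; host=$2
  mkdir -p "$dir" && chmod 700 "$dir" || return 1
  cat > "$dir/pki.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = unused
[ca]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
[server]
basicConstraints = critical,CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
[client]
basicConstraints = critical,CA:FALSE
extendedKeyUsage = clientAuth
EOF
  # The root key is created on this machine, so nobody else holds it.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$dir/pki.cnf" \
    -extensions ca -subj "/CN=Local mTLS dev CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
  for role in server client; do
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/pki.cnf" -subj "/CN=$role" \
      -keyout "$dir/$role.key" -out "$dir/$role.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/$role.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
      -CAcreateserial -days 30 -extfile "$dir/pki.cnf" -extensions "$role" \
      -out "$dir/$role.crt" 2>/dev/null || return 1
  done
  chmod 600 "$dir"/*.key
}

# verify_cert CA_FILE PURPOSE CERT: chain and EKU check against an explicit CA file.
verify_cert() {
  openssl verify -CAfile "$1" -purpose "$2" "$3" >/dev/null 2>&1
}

# ca_fingerprint DIR: SHA-256 fingerprint of the generated root, for checking
# what (if anything) was added to a trust store and later removing it.
ca_fingerprint() {
  openssl x509 -in "$1/ca.crt" -noout -fingerprint -sha256
}
```

The root is limited to 30 days and `pathlen:0`, and the leaf certificates carry only the EKU their role needs, so a client certificate cannot be presented as a server certificate.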

Labels: documentation (Improvements or additions to documentation)
