使用Powershell命令New-SelfSignedCertificate,我已经生成了用于Identity Server的证书。我的Powershell命令如下所示:
PS> New-SelfSignedCertificate -Subject "CN=mycert" -KeySpec "Signature" -CertStoreLocation "Cert:\localMachine\My\" -NotAfter "12/12/2021"
(对于用户证书,我使用了Cert:\CurrentUser\My\)
Identity Server代码如下:
X509Certificate2 cert = null;
using (X509Store certStore = new X509Store(StoreName.My, StoreLocation.LocalMachine))
{
certStore.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certCollection = certStore.Certificates.Find(
X509FindType.FindByThumbprint,
thumbprint,
true);
if (certCollection.Count > 0)
{
cert = certCollection[0];
}
}
services
.AddIdentityServer()
//.AddDeveloperSigningCredential()
.AddSigningCredential(cert)
...
对于用户证书,我使用了StoreLocation.CurrentUser。当我运行用户证书时,它可以正常工作,但是在本地计算机证书上(我在MMC中检查,它确实正确安装了证书),但是找不到有效的证书。请注意,如果我更改:
X509Certificate2Collection certCollection = certStore.Certificates.Find(
X509FindType.FindByThumbprint,
thumbprint,
true);
收件人:
X509Certificate2Collection certCollection = certStore.Certificates.Find(
X509FindType.FindByThumbprint,
thumbprint,
false);
然后它确实找到了证书,但是显然无效。请任何人告诉我为什么会这样吗?