Asp.net core &引用；X509.LocalMachine.My.subjectDifferentizedName.Find"；总是返回空值_Asp.net Core_.net Core_Identityserver4

Asp.net core &引用；X509.LocalMachine.My.subjectDifferentizedName.Find"；总是返回空值

asp.net-core .net-core identityserver4

Asp.net core &引用；X509.LocalMachine.My.subjectDifferentizedName.Find"；总是返回空值,asp.net-core,.net-core,identityserver4,Asp.net Core,.net Core,Identityserver4,我们正在加载.NET核心Web应用程序中IdentityServer4的X509证书，但它总是返回null。当我们使用X509.LocalMachine.My.subjectDifferentizedName.Find方法时，默认的存储位置是什么？如果我们在解决方案中嵌入源证书，如何加载证书这是我们的startup.cs文件： private static void ConfigureSigningCerts(IServiceCollection services) {

我们正在加载.NET核心Web应用程序中IdentityServer4的X509证书，但它总是返回null。当我们使用

X509.LocalMachine.My.subjectDifferentizedName.Find

方法时，默认的存储位置是什么？如果我们在解决方案中嵌入源证书，如何加载证书

这是我们的startup.cs文件：

 private static void ConfigureSigningCerts(IServiceCollection services)
    {
        var keys = new List<SecurityKey>();

        var name = "CertName_IdentityServer";

        //The one that expires last at the top
        var certs = X509.LocalMachine.My.SubjectDistinguishedName.Find("CN=" + name, false)
            .Where(o => DateTime.UtcNow >= o.NotBefore)
            .OrderByDescending(o => o.NotAfter);

        if (!certs.Any()) throw new Exception("No valid certificates could be found.");

        //Get first (in desc order of expiry) th
        var signingCert = certs.FirstOrDefault();

        if (signingCert == null) throw new InvalidOperationException("No valid signing certificate could be found.");

        var signingCredential = new SigningCredentials(new X509SecurityKey(signingCert), "RS256");
        services.AddSingleton<ISigningCredentialStore>(new DefaultSigningCredentialsStore(signingCredential));

        foreach (var cert in certs)
        {
            var validationCredential = new SigningCredentials(new X509SecurityKey(cert), "RS256");
            keys.Add(validationCredential.Key);
        }

        services.AddSingleton<IValidationKeysStore>(new DefaultValidationKeysStore(keys));
    }

X509Certificate2类可以使用字节[]或文件路径构造，也可以从证书存储返回

e、 g:

或者类似的东西

makecert -r -pe -n "CN=CertName_IdentityServer" -b 01/01/2015 -e 01/01/2039 -eku 1.3.6.1.5.5.7.3.3 -sky signature -a sha256 -len 2048 identityserver.cer

    var assembly = typeof(Startup).GetTypeInfo().Assembly;
    /*
    * IdentityServer\
    *     Certificates\
    *         cert.cer
    * 
    * {assembly name}.{directory}.{file name}
    */
    using (Stream resource = assembly.GetManifestResourceStream("IdentityServer.Certificates.cert.cer"))
    using (var reader = new BinaryReader(resource))
    {
        signingCert = new System.Security.Cryptography.X509Certificates.X509Certificate2(reader.ReadBytes((int)resource.Length));
    }