IdentityServer4 AddSignerCredentials RSA example

Question

Getting ready to move our IdentityServer4 setup from dev to test and I need to get the AddSignerCredentials() piece migrated from AddDeveloperCredentials(). I can generate a private and public RSASecurityKey but I'm unclear as to what RsaSecurityKey to pass to AddSignerCredentials(). The discovery endpoint somehow knows about the public key, but we'd want to sign tokens with the private key. Neither seems to work

Is there an example of how to use this somewhere in the documentation that I missed?

score 4 · Accepted Answer · edited Aug 31 '20 at 00:54

4

Use openSSL to create the certificate using the following demo command in your command prompt:

->OpenSSL req -x509 -newkey rsa:4096 -sha256 -nodes -keyout 
  IdentityServer4.key -out IdentityServer4.crt -subj 
  "/CN=IdentityServer4.com" -days 3650
->OpenSSL  pkcs12 -export -out IdentityServer4.pfx -inkey 
  IdentityServer4.key -in IdentityServer4.crt -certfile IdentityServer4.crt

Install that certificate to your current user profile.

Replace

AddDeveloperSigningCredential()

with

AddSigningCredential("ThumbprintOfCertificate", StoreLocation.CurrentUser,NameType.Thumbprint)

That's it.

edited Aug 31 '20 at 00:54

Pang

9,564
146
81
122

answered Jan 11 '18 at 07:00

Umaprasad Bisen

123
9

1

Thanks! I figured it out and did it slightly different but this is a more concise way – Goat Jan 12 '18 at 16:25
1

What is "ThumbprintOfCertificate" mean? – Kushkush Feb 06 '19 at 13:16

IdentityServer4 AddSignerCredentials RSA example

1 Answers1

Linked