開發時使用的?AddDeveloperSigningCredential()，不適合生產環境。

戳幾字，簡單使用PowerShell讀取.CER 文件， 使用.NET X509Certificate2這個類，生成、讀取、刪除證書。

1.?打開cmd，然后輸入powershell切換為powershell

?

2. 讀取證書

輸入 Get-ChildItem -Path cert:\CurrentUser\My?

?目前有3個證書

3.創建證書

輸入?New-SelfSignedCertificate -Subject "CN=IDS4_Certificate" -CertStoreLocation cert:\CurrentUser\My -Provider "Microsoft Strong Cryptographic Provider"

名為 IDS4_Certificate

4.刪除證書

輸入?Remove-Item -Path ("cert:\CurrentUser\My\" + $cert.Thumbprint)

?(先試試增 刪 查 這幾步驟，后面就不重復了)

重點部分

5. 導出秘鑰文件

a. 根據以上步驟先創建一個證書，名為 IDS4_Certificate，?輸入

New-SelfSignedCertificate -Subject "CN=IDS4_Certificate" -CertStoreLocation cert:\CurrentUser\My -Provider "Microsoft Strong Cryptographic Provider"

b. 加載剛生成的證書，輸入

??$cert = Get-ChildItem -Path cert:\CurrentUser\My\(your certificate thumbprint)

c.導出公鑰到項目文件夾，輸入

Export-Certificate -Type CERT -Cert $cert -FilePath "./publickey.cer"

d.導出私鑰到項目文件夾

輸入 $cred = Get-Credential 配置秘鑰

?輸入??Export-PfxCertificate -Cert $cert -Password $cred.Password -FilePath "./private.pfx"

Finish

配置identity server4 使用生成的證書

private readonly IConfiguration _configuration;
private readonly IHostEnvironment _environment;
private readonly IWebHostEnvironment _webHostEnv;

public Startup(IConfiguration configuration, IHostEnvironment environment, IWebHostEnvironment webHostEnvironment)
{
   _configuration = configuration;
   _environment = environment;
   _webHostEnv = webHostEnvironment;
}



IIdentityServerBuilder identityServerBuilder = services.AddIdentityServer();

//開發環境時
if (_environment.IsDevelopment())
{
  identityServerBuilder.AddDeveloperSigningCredential(); //配置臨時憑據
}
else
{
  string certPath = Path.Combine(_webHostEnv.ContentRootPath, "private.pfx");
  var certificate = new X509Certificate2(certPath, "test");
  identityServerBuilder.AddSigningCredential(certificate);
}

如果有用請點贊，轉載請說明出處，謝謝！！