Hello,
Abp can't find the pfx file. It is at the root directory at the production.
The code is:
private X509Certificate2 GetSigningCertificate(IWebHostEnvironment hostingEnv, IConfiguration configuration)
{
var fileName = "authserver.pfx";
var passPhrase = "";
var file = Path.Combine(hostingEnv.ContentRootPath, fileName);
if (!File.Exists(file))
{//
throw new FileNotFoundException($"Signing Certificate couldn't found: {file}");
}
return new X509Certificate2(file, passPhrase);
}
Of course passPhrase is not empty.
3 Answer(s)
-
0
hi
Generating a Signing Certificate
In the production environment, you need to use a production signing certificate. ABP Framework sets up signing and encryption certificates in your application and expects an
openiddict.pfxfile in your application.This certificate is already generated by ABP CLI, so most of the time you don't need to generate it yourself. However, if you need to generate a certificate, you can use the following command:
dotnet dev-certs https -v -ep openiddict.pfx -p 00000000-0000-0000-0000-00000000000000000000-0000-0000-0000-000000000000is the password of the certificate, you can change it to any password you want.It is recommended to use two RSA certificates, distinct from the certificate(s) used for HTTPS: one for encryption, one for signing.
For more information, please refer to: https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html#registering-a-certificate-recommended-for-production-ready-scenarios
Also, see the Configuring OpenIddict documentation for more information.
-
0
If the project will be installed on IIS, AppPool should be selected as LocalSystem. It may also be necessary to install it in PFX Certificate Manager. Also, it would be nice if the passPhrase was not empty.
-
0
Thanks guven.uysall
We have a document to explain
Deployment OpenIddicthttps://docs.abp.io/en/abp/latest/Deployment/Configuring-OpenIddict
