Open Closed

authserver.pfx file can't be found #7243


User avatar
0
kerem.kalemci created

Hello,

Abp can't find the pfx file. It is at the root directory at the production.

The code is:

private X509Certificate2 GetSigningCertificate(IWebHostEnvironment hostingEnv, IConfiguration configuration)
{
    var fileName = "authserver.pfx";
    var passPhrase = "";
    var file = Path.Combine(hostingEnv.ContentRootPath, fileName);

    if (!File.Exists(file))
    {//
        throw new FileNotFoundException($"Signing Certificate couldn't found: {file}");
    }

    return new X509Certificate2(file, passPhrase);
}

Of course passPhrase is not empty.


3 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Generating a Signing Certificate

    In the production environment, you need to use a production signing certificate. ABP Framework sets up signing and encryption certificates in your application and expects an openiddict.pfx file in your application.

    This certificate is already generated by ABP CLI, so most of the time you don't need to generate it yourself. However, if you need to generate a certificate, you can use the following command:

    dotnet dev-certs https -v -ep openiddict.pfx -p 00000000-0000-0000-0000-000000000000
    

    00000000-0000-0000-0000-000000000000 is the password of the certificate, you can change it to any password you want.

    It is recommended to use two RSA certificates, distinct from the certificate(s) used for HTTPS: one for encryption, one for signing.

    For more information, please refer to: https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html#registering-a-certificate-recommended-for-production-ready-scenarios

    Also, see the Configuring OpenIddict documentation for more information.

  • User Avatar
    0
    guven.uysall created

    If the project will be installed on IIS, AppPool should be selected as LocalSystem. It may also be necessary to install it in PFX Certificate Manager. Also, it would be nice if the passPhrase was not empty.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Thanks guven.uysall

    We have a document to explain Deployment OpenIddict https://docs.abp.io/en/abp/latest/Deployment/Configuring-OpenIddict

Made with ❤️ on ABP v9.1.0-preview. Updated on December 13, 2024, 06:09