IdentityServer4: How to load Signing Credential from Cert Store when in Docker

小鲜肉 2021-02-05 23:25

We have an IdentityServer4-based STS successfully running on Windows, where the Signing Credential has been installed to the Local Computer with .pfx under Personal > Certifi

2 answers
  •  慢半拍i (OP)
    2021-02-06 00:16

    When you use Docker containers and IdentityServer, basically you have two options:

    • Add the certificate to the container image (COPY certificate.pfx .)
    • Mount certificate to the container (-v /path/to/certificate.pfx:/certificate.pfx)

    Whatever option you choose, the only thing you need is to add the following configuration code to ConfigureServices in Startup:

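    // Requires: using System.Security.Cryptography.X509Certificates;
    var identityServerBuilder = services.AddIdentityServer();
    /* store configuration and etc. is omitted */
    if (_hostingEnvironment.IsDevelopment())
    {
        // Development only: IdentityServer generates and persists a temporary signing key.
        identityServerBuilder.AddDeveloperSigningCredential();
    }
    else
    {
        // Path is relative to the working directory inside the container;
        // the file name and password here are placeholders.
        var certificate = new X509Certificate2("certificate.pfx", "certificate_password");
        identityServerBuilder.AddSigningCredential(certificate);
    }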
    

    Also, it would be a good idea to read the certificate password from configuration, an environment variable or secrets storage.
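
An added example, not part of the answer above or of IdentityServer4 itself: one way to load the mounted .pfx with its password taken from configuration, an environment variable or a mounted secret file, failing at startup if the certificate cannot sign. The `SigningCredential:*` key names, the `SigningCertificateLoader` class and the `Configuration` property in the usage comment are assumptions made for this example.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Extensions.Configuration;

public static class SigningCertificateLoader
{
    // Configuration key names are assumptions made for this example.
    // With the default environment variable provider they can be supplied as
    // SigningCredential__Path, SigningCredential__Password, SigningCredential__PasswordFile.
    public static X509Certificate2 Load(IConfiguration config)
    {
        var path = config["SigningCredential:Path"];
        if (string.IsNullOrEmpty(path) || !File.Exists(path))
            throw new InvalidOperationException("Signing certificate file not found: " + path);

        // Prefer a mounted secret file over a plain environment variable when both are set.
        var passwordFile = config["SigningCredential:PasswordFile"];
        var password = !string.IsNullOrEmpty(passwordFile)
            ? File.ReadAllText(passwordFile).Trim()
            : config["SigningCredential:Password"];
        if (string.IsNullOrEmpty(password))
            throw new InvalidOperationException("Signing certificate password is not configured.");

        var certificate = new X509Certificate2(path, password);

        // A .pfx exported without its private key loads fine but cannot sign tokens.
        if (!certificate.HasPrivateKey)
        {
            certificate.Dispose();
            throw new InvalidOperationException("Signing certificate has no private key.");
        }

        // NotBefore/NotAfter are local time; fail at startup, not at the first token request.
        var now = DateTime.Now;
        if (now < certificate.NotBefore || now > certificate.NotAfter)
        {
            var notAfter = certificate.NotAfter.ToString("u");
            certificate.Dispose();
            throw new InvalidOperationException(
                "Signing certificate is outside its validity period (NotAfter " + notAfter + ").");
        }
        return certificate;
    }
}

// In Startup.ConfigureServices, in place of the hard-coded file name and password:
//     identityServerBuilder.AddSigningCredential(SigningCertificateLoader.Load(Configuration));
```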
