How would I generate the Identity Server signing certificate

Question

In the identity server samples we find code like this in Startup.cs

var certFile = env.ApplicationBasePath + \"\\\\idsrv3test.pfx\";

var signingCer         


        

Answer 1

Get a dedicated cert - either via your PKI or self-generate one:

http://brockallen.com/2015/06/01/makecert-and-creating-ssl-or-signing-certificates/

Import the key pair into the Windows certificate store, and load it from there at runtime.

To step up security, some people deploy the keys to a dedicated device (called an HSM) or to a dedicated machine (e.g. behind a firewall). The ITokenSigningService allows moving the actual token signing to that separate machine.