i8beef
commented
6 years ago The DeveloperSigningCredential will generate a new key and persist to tempkey.rsa on initial startup. This could be beneficial for simplicity for a lot of people, and is probably better than checking in a static PFX in the repo for "default", as at least there wouldn't be a static, public cert out there with the PK exposed. I still would like to expose the capability for someone to use their own certs though in addition to that.
Currently hard coded to use the IdentityServer4 "development certificate", but if others are going to use this it really should give AT LEAST the option (and instructions) to replace this cert with another.