i8beef / HomeAutio.Mqtt.GoogleHome

MIT License

JSON format to provide the signing certificates in appsettings #51

Closed Vayatoalla closed 5 years ago

Vayatoalla commented 5 years ago

Hi, I see that it is possible to work without providing any signing certificate, but as it is recommended to use it, and the instructions to generate one are very easy to follow, I have created a signingKey.pfx file and copied it to the config directory of the app. But the appsettings.json does not include an example of how to configure this file. The example is set with the 'null' option. So, my question is: should I replace this 'null' with a 'yes', with a JSON object of the key settings (defining the file and passPhrase), or with an array of these JSON objects (as the wiki explains that it is possible to have multiple certificate records in the config file)? Regards, Chema

i8beef commented 5 years ago

You want something like this

{
  "oauth": {
    "signingCerts": [
      {
        "file": "config/signingKey.pfx",
        "passPhrase": "yourKeyPassword"
      }
    ]
  }
}

It's an array to allow you to roll out new certs on expiration if you need to. The first cert will ALWAYS be the signing cert. If it's about to expire and you need to create a new certificate, you can leave the old record, and add another one (remember, current signing should always be FIRST so add it before the old one), and it should in theory roll the signing cert for consumers still using the old one until you remove the old PFX record.
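
An added example, not from this thread or from the HomeAutio.Mqtt.GoogleHome project: a Python pre-deployment check for the `oauth.signingCerts` shapes discussed above (`null`, or an array whose first record is the signing cert). The second file name and passphrase, the `base_dir` parameter and the POSIX file-permission check are assumptions of this example.

```python
import json
import os
import tempfile

def check_signing_certs(config_text, base_dir="."):
    """Return (roles, problems) for oauth.signingCerts in an appsettings.json string."""
    cfg = json.loads(config_text)
    certs = (cfg.get("oauth") or {}).get("signingCerts")
    if certs is None:
        return [], []  # null: no signing certificate configured
    if not isinstance(certs, list):
        return [], ["signingCerts must be null or an array, got " + type(certs).__name__]
    roles, problems = [], []
    for i, entry in enumerate(certs):
        if (not isinstance(entry, dict) or "passPhrase" not in entry
                or not isinstance(entry.get("file"), str)):
            problems.append(f"entry {i}: needs 'file' and 'passPhrase'")
            continue
        # Assumption: relative paths resolve against base_dir (the app directory).
        path = os.path.join(base_dir, entry["file"])
        if not os.path.isfile(path):
            problems.append(f"entry {i}: {entry['file']} not found")
        elif os.stat(path).st_mode & 0o077:
            # Assumption (POSIX only): a private key file should be owner-only.
            problems.append(f"entry {i}: {entry['file']} is readable by group/other")
        # Per the thread: the first record always signs; later ones are old certs kept for rollover.
        roles.append((entry["file"], "signing" if i == 0 else "previous (rollover)"))
    return roles, problems

def demo():
    # Constructed sample: empty placeholder files stand in for real PFX files.
    base = tempfile.mkdtemp()
    os.mkdir(os.path.join(base, "config"))
    for name, mode in (("signingKey-new.pfx", 0o600), ("signingKey.pfx", 0o644)):
        path = os.path.join(base, "config", name)
        open(path, "wb").close()
        os.chmod(path, mode)
    rolled = json.dumps({"oauth": {"signingCerts": [
        {"file": "config/signingKey-new.pfx", "passPhrase": "newKeyPassword"},
        {"file": "config/signingKey.pfx", "passPhrase": "yourKeyPassword"},
    ]}})
    return check_signing_certs(rolled, base)

if __name__ == "__main__":
    print(demo())
```

The check only inspects the config structure and the files on disk; it does not open the PFX, so it cannot confirm that the first record is the newer certificate.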

i8beef commented 5 years ago

Documentation updated, thank you.

Vayatoalla commented 5 years ago

Yes. This is the example I was looking for. Thank you!!!