I created the self-signed certificate using PowerShell, something like below:
New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "stage-federation-2020.sp.test.com" -FriendlyName "stage-federation-2020.sp.test.com" -NotAfter (Get-Date).AddYears(5) -KeyAlgorithm RSA -KeyLength 2048 -Subject "CN=stage-federation-2020.sp.test.com,OU=Servers,O=ABC Inc.,L=CityName,S=StateNamehere,C=CountryNameHere"
From the MMC console, I exported it as xxx.cer and xxx.pfx. I did the below and am getting an error while signing the certificate:
// Sign the authentication request.
X509Certificate2 spCert = new X509Certificate2(SamlServiceProvidersPath + spCertificateToUseForIdp.PrivateKeyFileName, spCertificateToUseForIdp.PrivateKeyPassword, X509KeyStorageFlags.MachineKeySet);
authnRequest.Sign(spCert);
What I found out is that xxx.pfx contains a key which is valid for the new cert X.509 v3, not for X.509 v2, which we generally use.
Questions:
1. How can you sign the request with this type of certificate? If not, why?
2. What is the workaround to create self-signed certificates which work here?
asked 6/26/2020 5:48:43 PM
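One widely documented reason signing code fails with a certificate made by New-SelfSignedCertificate is that, by default, the private key is created under the CNG "Microsoft Software Key Storage Provider", which the legacy X509Certificate2.PrivateKey / RSACryptoServiceProvider path used by many SAML libraries cannot open. The PowerShell below is an added example, not code from the original post: it creates the certificate on an exportable, CSP-backed signature key, exports the .cer and .pfx, and then loads the PFX the same way the posted C# does to check that the private key is reachable through the legacy API. The file paths, password prompt and organisation fields are placeholders.

```powershell
# Added example (not from the original post): self-signed SAML SP signing cert
# on a legacy CSP so that RSACryptoServiceProvider-based signing code can use it.
# Paths, organisation fields and the password are placeholders.

$dnsName = "stage-federation-2020.sp.test.com"
$pfxPath = "C:\certs\stage-federation-2020.pfx"   # placeholder path
$cerPath = "C:\certs\stage-federation-2020.cer"   # placeholder path
$pfxPass = Read-Host -AsSecureString "PFX password"

$cert = New-SelfSignedCertificate `
    -CertStoreLocation Cert:\LocalMachine\My `
    -DnsName $dnsName `
    -FriendlyName $dnsName `
    -Subject "CN=$dnsName,OU=Servers,O=ABC Inc.,L=CityName,S=StateNamehere,C=CountryNameHere" `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -KeySpec Signature `
    -KeyUsage DigitalSignature `
    -KeyExportPolicy Exportable `
    -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" `
    -NotAfter (Get-Date).AddYears(5)

# Public certificate goes to the IdP; the PFX (private key) stays on the SP only.
Export-Certificate    -Cert $cert -FilePath $cerPath | Out-Null
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPass | Out-Null

# Verification: load the PFX exactly as the signing code does and confirm the
# private key is usable through the legacy X509Certificate2.PrivateKey property.
$loaded = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
    $pfxPath, $pfxPass,
    [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::MachineKeySet)

if (-not $loaded.HasPrivateKey) { throw "PFX contains no private key" }
try {
    $rsa = $loaded.PrivateKey   # throws "Invalid provider type specified" for CNG-only keys
    "Private key provider: $($rsa.CspKeyContainerInfo.ProviderName)"
} catch {
    throw "Private key is not usable via a legacy CSP: $($_.Exception.Message)"
}
```

If the last step throws, the signing library will fail the same way; if it prints the CSP provider name, the PFX is in a form the posted X509Certificate2 constructor and Sign() call can consume.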