I created the self-sign certificate using PowerShell something like below
New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "stage-federation-2020.sp.test.com" -FriendlyName "stage-federation-2020.sp.test.com" -NotAfter (Get-Date).AddYears(5) -KeyAlgorithm RSA -KeyLength 2048 -Subject "CN=stage-federation-2020.sp.test.com,OU=Servers,O=ABC Inc.,L=CityName,S=StateNamehere,C=CountryNameHere"
from MMC console, I exported as xxx.cer and xxx.pfx. I did below and getting an error while signing the certificate
// Sign the authentication request.
X509Certificate2 spCert = new X509Certificate2(SamlServiceProvidersPath spCertificateToUseForIdp.PrivateKeyFileName, spCertificateToUseForIdp.PrivateKeyPassword, X509KeyStorageFlags.MachineKeySet);
What found out that xxx.pfx contains a key which is valid for new cert x509.v3 not for x509.v2 we generally use.
1. How can you sign the request with this type of certificate? If not, why?
2. what is the workaround to create self-signed certificates which work here.