“X509.LocalMachine.My.SubjectDistinguishedName.Find”始终返回null

我们正在.NET Core Web Application中加载IdentityServer4的X509证书，但它始终返回null。使用X509.LocalMachine.My.SubjectDistinguishedName.Find方法时，默认的商店位置是什么？如果我们使用解决方案嵌入源证书，我们如何加载证书？

这是我们的startup.cs文件：

 private static void ConfigureSigningCerts(IServiceCollection services)
    {
        var keys = new List<SecurityKey>();

        var name = "CertName_IdentityServer";

        //The one that expires last at the top
        var certs = X509.LocalMachine.My.SubjectDistinguishedName.Find("CN=" + name, false)
            .Where(o => DateTime.UtcNow >= o.NotBefore)
            .OrderByDescending(o => o.NotAfter);

        if (!certs.Any()) throw new Exception("No valid certificates could be found.");

        //Get first (in desc order of expiry) th
        var signingCert = certs.FirstOrDefault();

        if (signingCert == null) throw new InvalidOperationException("No valid signing certificate could be found.");

        var signingCredential = new SigningCredentials(new X509SecurityKey(signingCert), "RS256");
        services.AddSingleton<ISigningCredentialStore>(new DefaultSigningCredentialsStore(signingCredential));

        foreach (var cert in certs)
        {
            var validationCredential = new SigningCredentials(new X509SecurityKey(cert), "RS256");
            keys.Add(validationCredential.Key);
        }

        services.AddSingleton<IValidationKeysStore>(new DefaultValidationKeysStore(keys));
    }

我们使用以下命令创建自签名证书：

makecert -r -pe -n "CN=CertName_IdentityServer" -b 01/01/2015 -e 01/01/2039 -eku 1.3.6.1.5.5.7.3.3 -sky signature -a sha256 -len 2048 identityserver.cer