We have a Windows ASP.NET (.Net 8) gRPC Server application, which will clients will connect to.

I have trouble applying a self-signed certificate, which would normally work fine, only that in the cloud environment I run into an exception.

From appsettings.json

"Kestrel": {
  "Certificates": {
    "Default": {
      "Path": "cert.pfx",
      "Password": "mypassword"
    }
  }
}

From Program.cs

    builder.WebHost.ConfigureKestrel(options =>
    {
        options.ListenAnyIP(5902, listenOptions =>
        {
            listenOptions.UseHttps();
        });
    });

Unhandled exception. System.Security.Cryptography.CryptographicException: The profile for the user is a temporary profile.

at System.Security.Cryptography.X509Certificates.CertificatePal.FilterPFXStore(ReadOnlySpan`1 rawData, SafePasswordHandle password, PfxCertStoreFlags pfxCertStoreFlags)

at System.Security.Cryptography.X509Certificates.CertificatePal.FromBlobOrFile(ReadOnlySpan`1 rawData, String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)

Which is thwon after pretty much any constructor of X509Certificate2 by System.Security.Cryptography.X509Certificates.CertificatePal, so I do not know how to get around that.

A collegue of mine has successfully implemented the a gRPC server in the cloud environment using .pem certificate files, only that he is using Go and ephemeral keys. Using the same certificate files in .NET I get the exception:

System.Security.Authentication.AuthenticationException: Authentication failed because the platform does not support ephemeral keys.

Is there a workaround for this?