I have an implementation of ISigningCredentialStore which implements the GetSigningCredentialsAsync() method. This method generates new SigningCredentials by creating an X509Certificate2 and stores it in the database. The certificate expires every 30 days.
I want to run a background process that checks every day whether the certificate is expiring within 24 hours, and creates a new certificate if it is.
Do we need to add AddSigningCredential() in startup if we implement ISigningCredentialStore? How do we load new SigningCredentials into IdentityServer automatically?
As mentioned, you can create your own ISigningCredentialStore and IValidationKeysStore implementations and you can encapsulate any logic you like within that custom implementation, including key-rollover without an app restart.
Note that you should ensure that your clients don't cache discovery data for more than the rollover overlap period.
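An added sketch, not from the answer's author, of what such a pair of stores could look like with the overlap the answer mentions. It assumes IdentityServer4's `IdentityServer4.Stores` interfaces, an in-memory list standing in for the question's database table, and that the class is registered through DI for both interfaces in place of `AddSigningCredential()`:

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using IdentityServer4.Models;
using IdentityServer4.Stores;
using Microsoft.IdentityModel.Tokens;
// Assumed: _certs stands in for the DB table; register as singleton for both interfaces instead of AddSigningCredential().
public class RollingKeyStore : ISigningCredentialStore, IValidationKeysStore
{
    static readonly TimeSpan Lifetime = TimeSpan.FromDays(30);  // certificate validity
    static readonly TimeSpan Overlap = TimeSpan.FromHours(24);  // successor is published this long before it signs
    static readonly TimeSpan Grace = TimeSpan.FromDays(2);      // expired keys stay in discovery this long
    readonly List<X509Certificate2> _certs = new List<X509Certificate2>();
    static DateTime Expiry(X509Certificate2 c) => c.NotAfter.ToUniversalTime();
    public Task<SigningCredentials> GetSigningCredentialsAsync()
    {
        lock (_certs)
        {
            var now = DateTime.UtcNow;
            // Create the successor once the active key is inside the overlap window, so it appears in discovery before use.
            if (!_certs.Any(c => Expiry(c) > now + Overlap))
                _certs.Add(CreateCertificate(now, now + Lifetime));
            // Keep signing with the oldest still-valid key until it actually expires.
            var signer = _certs.Where(c => Expiry(c) > now).OrderBy(Expiry).First();
            return Task.FromResult(new SigningCredentials(new X509SecurityKey(signer), SecurityAlgorithms.RsaSha256));
        }
    }
    public Task<IEnumerable<SecurityKeyInfo>> GetValidationKeysAsync()
    {
        lock (_certs)
        {
            var now = DateTime.UtcNow;
            // Publish the signer, its pre-announced successor, and predecessors still inside the grace period.
            var keys = _certs.Where(c => Expiry(c) + Grace > now)
                .Select(c => new SecurityKeyInfo { Key = new X509SecurityKey(c), SigningAlgorithm = SecurityAlgorithms.RsaSha256 }).ToList();
            return Task.FromResult<IEnumerable<SecurityKeyInfo>>(keys);
        }
    }
    static X509Certificate2 CreateCertificate(DateTime notBefore, DateTime notAfter)
    {
        using var rsa = RSA.Create(2048);
        var req = new CertificateRequest("CN=idsrv-signing", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        // Export/re-import as PFX: the same bytes you would persist, and a private key usable for signing on every platform.
        return new X509Certificate2(req.CreateSelfSigned(notBefore, notAfter).Export(X509ContentType.Pfx));
    }
}
```

With this layout a client that refreshes discovery at least once per `Overlap` always has the successor key before the first token signed with it arrives, which is the cache constraint the answer describes.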