diff --git a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Microsoft/Extensions/DependencyInjection/OpenIddictServerBuilderExtensions.cs b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Microsoft/Extensions/DependencyInjection/OpenIddictServerBuilderExtensions.cs
index c99ce5e245..e5f2d7222a 100644
--- a/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Microsoft/Extensions/DependencyInjection/OpenIddictServerBuilderExtensions.cs
+++ b/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Microsoft/Extensions/DependencyInjection/OpenIddictServerBuilderExtensions.cs
@@ -5,14 +5,17 @@ namespace Microsoft.Extensions.DependencyInjection;
 
 public static class OpenIddictServerBuilderExtensions
 {
-    public static OpenIddictServerBuilder AddProductionEncryptionAndSigningCertificate(this OpenIddictServerBuilder builder, string fileName, string passPhrase)
+    public static OpenIddictServerBuilder AddProductionEncryptionAndSigningCertificate(this OpenIddictServerBuilder builder, string fileName, string passPhrase, X509KeyStorageFlags? flag)
     {
         if (!File.Exists(fileName))
         {
             throw new FileNotFoundException($"Signing Certificate couldn't found: {fileName}");
         }
 
-        var certificate = new X509Certificate2(fileName, passPhrase);
+        var certificate = flag != null
+            ? new X509Certificate2(fileName, passPhrase, flag.Value)
+            : new X509Certificate2(fileName, passPhrase);
+
         builder.AddSigningCertificate(certificate);
         builder.AddEncryptionCertificate(certificate);
         return builder;