From 24617fe34f232ff75abec61fe799120179da9218 Mon Sep 17 00:00:00 2001
From: maliming <malimings@gmail.com>
Date: Tue, 21 Jan 2025 10:55:48 +0800
Subject: [PATCH] Update configuring-openIddict.md

---
 docs/en/deployment/configuring-openIddict.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/docs/en/deployment/configuring-openIddict.md b/docs/en/deployment/configuring-openIddict.md
index 03db14868b..eb62f3ec3f 100644
--- a/docs/en/deployment/configuring-openIddict.md
+++ b/docs/en/deployment/configuring-openIddict.md
@@ -50,4 +50,13 @@ You can use the `dotnet dev-certs https -v -ep openiddict.pfx -p 00000000-0000-0
 
 > If you encounter a deployment error on IIS that says **File not found** even though the file exists, it is recommended to set the application pool’s advanced settings **Load User Profile** to **True** to resolve the issue.
 
+> The `X509KeyStorageFlags.MachineKeySet` and `X509KeyStorageFlags.EphemeralKeySet` flags can be set in the `AddProductionEncryptionAndSigningCertificate` method for IIS deployments. For example:
+
+```csharp
+serverBuilder.AddProductionEncryptionAndSigningCertificate(
+   "openiddict.pfx",
+   "your-password",
+   X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.EphemeralKeySet);
+```
+
 For more information, please refer to: https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html#registering-a-certificate-recommended-for-production-ready-scenarios