From 5d65cf5c9bc43bc8372a3029b7b66afd7dda1d3c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?=
Date: Mon, 9 Mar 2026 11:11:47 +0100
Subject: [PATCH] Only pick ASP.NET Core development certificates that are valid
---
 sandbox/OpenIddict.Sandbox.AspNetCore.Server/Startup.cs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Startup.cs b/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Startup.cs
index 183c3b8c..ecb61f04 100644
--- a/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Startup.cs
+++ b/sandbox/OpenIddict.Sandbox.AspNetCore.Server/Startup.cs
@@ -354,10 +354,12 @@ public class Startup
 return errors is SslPolicyErrors.None or SslPolicyErrors.RemoteCertificateNotAvailable;
 },
- // Use the same TLS server certificate as the default server instance.
+ // Use the development certificate generated and stored by ASP.NET Core in the user store.
 ServerCertificate = store.Certificates
 .Find(X509FindType.FindByExtension, "1.3.6.1.4.1.311.84.1.1", validOnly: false)
 .Cast()
+ .Where(static certificate => certificate.NotBefore < TimeProvider.System.GetLocalNow())
+ .Where(static certificate => certificate.NotAfter > TimeProvider.System.GetLocalNow())
 .OrderByDescending(static certificate => certificate.NotAfter)
 .FirstOrDefault() ?? throw new InvalidOperationException("The ASP.NET Core HTTPS development certificate was not found.")
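Review bot: The `?? throw` fallback at the end of the chain still says the certificate "was not found" even when one exists but was dropped by the two new `NotBefore`/`NotAfter` filters, so an expired development certificate now produces a misleading diagnostic; something like `throw new InvalidOperationException("No currently valid ASP.NET Core HTTPS development certificate was found.")` would point at the real cause. Because `validOnly: false` stays on `Find(...)`, the date window is the only validity check applied and chain trust is never evaluated, which is reasonable for a self-signed development certificate but deserves a line in the comment above `ServerCertificate`, e.g. `// Chain trust is deliberately not evaluated (validOnly: false); only the validity period is checked.` If the store can hold a public-only copy of the certificate, adding `.Where(static certificate => certificate.HasPrivateKey)` would stop it from being selected as a server certificate; whether that can happen here is not visible from the hunk. The enclosing object initializer starts and ends outside the hunk.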