Should I dispose of X509Certificate2?

No, you should not dispose of the certificate object while the application runs, because when requested, IdentityServer will attempt to use the disposed certificate object and will fail.


Looking at the .NET Core source code, X509Certificate2 and its base class X509Certificate use the CertificatePal class to deal with the certificate. The CertificatePal class supports creating objects of the class from various sources: blob, file, certificate store. It calls the Windows CryptoAPI to get a handle to the certificate when creating the object. So, after using the object, it would be necessary to free the resources pointed to by the handle. The good news is that the handle is stored in a SafeCertContextHandle object, which is guaranteed to close the handle after the garbage collector collects the X509Certificate2 object and finishes calling the finalizers of the objects. My understanding is that we don't need to call the Dispose method manually.
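
The lifetime problem described in the answers above, as an added example (not code from the original posts or from IdentityServer). `Signer` is a hypothetical stand-in for a long-lived service that keeps the certificate reference it was given at startup, and the self-signed certificate is constructed sample input.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

// Hypothetical long-lived service that signs with the certificate it was given.
sealed class Signer
{
    private readonly X509Certificate2 _cert;
    public Signer(X509Certificate2 cert) { _cert = cert; }

    public byte[] Sign(byte[] data)
    {
        using (RSA key = _cert.GetRSAPrivateKey())
            return key.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }
}

static class Program
{
    // Constructed sample input: a throwaway self-signed certificate.
    static X509Certificate2 CreateSampleCert()
    {
        using (RSA rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=constructed-sample", rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5),
                                        DateTimeOffset.UtcNow.AddDays(1));
        }
    }

    static void Main()
    {
        byte[] payload = Encoding.UTF8.GetBytes("constructed token payload");

        // Anti-pattern: the using block disposes the certificate at the end of
        // startup, but the signer still holds the reference and uses it later.
        Signer broken;
        using (X509Certificate2 cert = CreateSampleCert()) { broken = new Signer(cert); }
        try { broken.Sign(payload); }
        catch (CryptographicException ex) { Console.WriteLine("disposed cert: " + ex.Message); }

        // Application-lifetime ownership: the certificate outlives every use.
        X509Certificate2 appCert = CreateSampleCert();
        var signer = new Signer(appCert);
        Console.WriteLine("signature bytes: " + signer.Sign(payload).Length);
        appCert.Dispose(); // optional at shutdown; the SafeHandle finalizer would close it anyway
    }
}
```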