Versions Compared

Old Version 7

changes.mady.by.user Julian Ramirez

Saved on

compared with

New Version 8

changes.mady.by.user Julian Ramirez

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Open Visual Studio Tools Command Prompt.

    Info
    Note: for Windows 10 you may have to download the Windows 10 SDK to get the makecert application.

  2. Run makecert.exe with the following syntax:

    Code Block
    languagetext
    themeRDark
    makecert -r -pe -n "CN=SearchTechnologies SPOnline Cert" -b 10/15/2016 -e 10/15/2018 -ss my -len 2048
  3. Run mmc.exe
  4. Go to File → Add/Remove Snap In
  5. Add Certificates → My User Account
  6. Locate the certificate from step 2 in the Personal certificate store
  7. Right-click and select All tasks >> Export
  8. Complete the Certificate Export Wizard twice: once with the private key (specify a password and save as .pfx) and once without the private key (save as .cer)

Part 2:

...

Open Windows PowerShell and run the following commands:

Code Block
languagepowershell
$certPath = <Path to Cert>
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$cert.Import($certPath)
$rawCert = $cert.GetRawCertData()
$base64Cert = [System.Convert]::ToBase64String($rawCert)
$rawCertHash = $cert.GetCertHash()
$base64CertHash = [System.Convert]::ToBase64String($rawCertHash)
$KeyId = [System.Guid]::NewGuid().ToString()
Write-Host $base64Cert
Write-Host $base64CertHash
Write-Host $KeyId

...

Create the Azure AD Application

  1. Log into the Azure Management Portal for your Office 365 tenant.
  2. Go to the Azure Active Directory tab and select App Registrations.
  3. Select "New Application Registration".Give
  4. On "Supported account types" select "Accounts in this organizational directory only ".
  5. On "Redirect URI" select Web the application a name and keep the default selection of "Web App / API".
  6. Enter a Sign-on URL (the value of this doesn’t really matter other than being unique) and click "CreateRegister".
  7. Look for your new application on the Regitered Registered Applications list and click it.
  8. Go to Required API Permissions and click on "Add a permission".
  9. On the "Select an API" section, add the "Office 365 SharePoint Online" application
  10. On Select "Select Application Permissions" , select and check the following "Application Permissions"permissions:
    1. TermStore.Read.All: Read Managed Metadata.
    2. Sites.FullControl.All: Have Full Control of all Site Collections.
    3. Sites.Read.All: Read Items in all Site Collections.
  11. Click on "Add permissions".
  12. After saving you have to click "Grant Permissionsadmin consent" to apply the changes.
Info
On the Configure section you'll also see the Application ID. Copy and save this ID, you are going to need it when configuring the connector.

Part

...

3: Configure certificate public key for App

...

Update the keyCredentials attribute with the following settings:

Code Block
languagetext
themeRDark
"keyCredentials": [
	{
		"customKeyIdentifier": "<$base64CertHash FROM ABOVE>",
		"keyId": "<$KeyId FROM ABOVE>",
		"type": "AsymmetricX509Cert",
		"usage": "Verify",
		"value": "<$base64Cert FROM ABOVE>"
	}
],

Save the updated manifest.

Info
Note: If you try to download the manifest again, you'll notice that the expiration dates are now there and the cert value is now null. This is normal and it shouldn't prevent the app to work as expected.

...

  1. Go to "Certificates and secrets".
  2. Click on "Upload certificate".
  3. Select the certificate created on Part 1.
  4. Add the certificate.

Part 4

...

: Generate Private Key

Info
You may need to download OpenSSL for Windows to follow these steps.

...