...

Part 1: Generate a Self-signed Certificate


Option A: With PowerShell

  1. Open Windows PowerShell ISE.

  2. Create a PowerShell script with the following content:

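    # Create the certificate in the local machine store (requires administrator rights).
    $cert = New-SelfSignedCertificate -DnsName www.mysite.com -CertStoreLocation "cert:\LocalMachine\My" -KeyLength 2048 -KeySpec "KeyExchange" -NotBefore 10/15/2019 -NotAfter 10/15/2021
    # Placeholder password that protects the exported PFX; replace it (step 5).
    $password = ConvertTo-SecureString -String "mySecurePassword" -Force -AsPlainText
    # Export the certificate together with its private key (PFX); used in Part 4.
    Export-PfxCertificate -Cert $cert -FilePath ".\aspire.mysite.com.pfx" -Password $password
    # Export the public certificate only (CER); this is the file uploaded in Part 2.
    Export-Certificate -Type CERT -Cert $cert -FilePath .\aspire.mysite.com.cer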
      
  3. Update the value for -DnsName.
  4. Update the values for -NotBefore and -NotAfter.
  5. Update the password value.
  6. Update the -FilePath value for the cer and pfx files.
  7. Additional information about these parameters can be found in the New-SelfSignedCertificate page.
  8. Execute the PowerShell script. You need administrator permissions to successfully execute the script.
  9. Both files should be created in the specified location.

Option B: With OpenSSL

  1. Open a terminal
  2. Create a private key

    openssl genrsa -out key.pem 2048
  3. Create certificate signing request

    openssl req -new -sha256 -key key.pem -out csr.csr
  4. Create certificate

    openssl req -x509 -sha256 -days 365 -key key.pem -in csr.csr -out certificate.pem
  5. Create DER encoded CER file

    openssl x509 -inform PEM -in certificate.pem -outform DER -out certificate.cer
  6. At the end you will see the following files created:

    • key.pem
    • certificate.cer
    • certificate.pem
    • csr.csr
  7. You will need key.pem to generate the DER private key in Part 4, and certificate.cer for Part 2.

Part 2: Create the Azure AD Application

...

  1. Go to "Certificates and secrets".
  2. Click on "Upload certificate".
  3. Select the certificate created in Part 1 (.cer file).
  4. Add the certificate.

Part 4: Generate Private Key

Info
You may need to download OpenSSL for Windows to follow these steps.
  1. Extract the PEM key (only needed if the certificate was generated with PowerShell)

    openssl pkcs12 -nocerts -in <PFX Path> -out <PEM Path>
  2. Convert the extracted PEM key to DER format

    openssl pkcs8 -topk8 -inform PEM -outform DER -in <PEM Path> -out <DER Path> -nocrypt
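
A pre-deployment check for the files produced above, as an added example that is not part of the original page: it confirms that certificate.cer (uploaded in Part 2) and the DER private key from Part 4 hold the same public key, and prints the certificate's SHA-1 thumbprint. The function names, the key.der file name and the -subj value are assumptions made for the example.

```bash
#!/bin/sh
# Added example (not from the original page).

# Option B plus Part 4 step 2, run non-interactively in directory $1.
# The -subj value and the key.der name are constructed for this demo.
make_demo_files() {
  dir=$1
  openssl genrsa -out "$dir/key.pem" 2048 2>/dev/null &&
  openssl req -new -sha256 -key "$dir/key.pem" -subj "/CN=www.mysite.com" \
    -out "$dir/csr.csr" &&
  openssl req -x509 -sha256 -days 365 -key "$dir/key.pem" -in "$dir/csr.csr" \
    -out "$dir/certificate.pem" 2>/dev/null &&
  openssl x509 -inform PEM -in "$dir/certificate.pem" -outform DER \
    -out "$dir/certificate.cer" &&
  openssl pkcs8 -topk8 -inform PEM -outform DER -in "$dir/key.pem" \
    -out "$dir/key.der" -nocrypt
}

# check_pair <DER certificate> <DER PKCS#8 private key>
# Returns 0 when both files carry the same public key, 1 on a mismatch,
# and 2 when either file cannot be parsed (missing, wrong format, encrypted).
check_pair() {
  cert_pub=$(openssl x509 -inform DER -in "$1" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -inform DER -in "$2" -pubout 2>/dev/null) || return 2
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# SHA-1 thumbprint as 40 hex characters, for comparison with the thumbprint
# Azure AD lists for the uploaded certificate.
cert_thumbprint() {
  openssl x509 -inform DER -in "$1" -noout -fingerprint -sha1 | cut -d= -f2 | tr -d ':'
}

# Run as "sh check.sh demo" to exercise the whole flow in a throwaway directory.
if [ "${1:-}" = "demo" ]; then
  d=$(mktemp -d) && make_demo_files "$d" &&
    check_pair "$d/certificate.cer" "$d/key.der" &&
    echo "key pair matches, thumbprint $(cert_thumbprint "$d/certificate.cer")"
  rm -rf "$d"
fi
```

The DER key written with -nocrypt is unencrypted, so a check_pair result of 2 on that file usually means the wrong file or format was supplied rather than a wrong password.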

...