Applications defined in Azure AD can make app-only calls by sharing a certificate with Azure AD: Azure AD gets the public key certificate and the app holds the private key. Although a trusted certificate should be used for production deployments, certificates created with the New-SelfSignedCertificate cmdlet are fine for testing/debugging (similar to local web debugging with https). Here are the steps to generate a self-signed certificate with the New-SelfSignedCertificate cmdlet and
...
export it for use with Azure AD.
Open Windows PowerShell ISE.
Create a PowerShell script with the following content:
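```powershell
# Create a self-signed certificate in the local machine's personal store
$cert = New-SelfSignedCertificate -DnsName www.mysite.com -CertStoreLocation "cert:\LocalMachine\My" -KeyLength 2048 -KeySpec "KeyExchange" -NotBefore 10/15/2019 -NotAfter 10/15/2021
# Password that protects the exported .pfx (sample value, replace it)
$password = ConvertTo-SecureString -String "mySecurePassword" -Force -AsPlainText
# Export the certificate together with its private key (.pfx) for the application
Export-PfxCertificate -Cert $cert -FilePath ".\aspire.mysite.com.pfx" -Password $password
# Export the public certificate only (.cer) for Azure AD
Export-Certificate -Type CERT -Cert $cert -FilePath .\aspire.mysite.com.cer
```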
Create a private key
```shell
openssl genrsa -out key.pem 2048
```
Create certificate signing request
```shell
openssl req -new -sha256 -key key.pem -out csr.csr
```
Create certificate
```shell
openssl req -x509 -sha256 -days 365 -key key.pem -in csr.csr -out certificate.pem
```
Create DER encoded CER file
```shell
openssl x509 -inform PEM -in certificate.pem -outform DER -out certificate.cer
```
At the end, you will see the following files created:
Info:
...
In the Configure section, you'll also see the Application ID. Copy and save this ID; you are going to need it when configuring the connector.
Info: You may need to download OpenSSL for Windows to follow these steps.
Extract PEM key (only needed if generated with PowerShell)
```shell
openssl pkcs12 -nocerts -in <PFX Path> -out <PEM Path>
```
Convert extracted PEM key to DER format
```shell
openssl pkcs8 -topk8 -inform PEM -outform DER -in <PEM Path> -out <DER Path> -nocrypt
```
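The OpenSSL steps above leave several similarly named files, and the `-nocrypt` key is written to disk unencrypted. As an added example (not part of the original page), this script reruns the steps non-interactively in a scratch directory and checks that the certificate given to Azure AD and the DER key kept by the app are one key pair. The `-subj` value, the `key.der` file name and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. The subject CN and the output
# name key.der are assumptions; the other file names follow the steps above.

# Run the OpenSSL steps non-interactively inside directory $1.
make_pair() {
    (
        cd "$1" || exit 1
        umask 077   # key.pem and key.der are unencrypted: owner-only access
        openssl genrsa -out key.pem 2048 &&
        openssl req -new -sha256 -key key.pem -out csr.csr \
            -subj "/CN=www.mysite.com" &&
        openssl req -x509 -sha256 -days 365 -key key.pem -in csr.csr \
            -out certificate.pem &&
        openssl x509 -inform PEM -in certificate.pem -outform DER \
            -out certificate.cer &&
        openssl pkcs8 -topk8 -inform PEM -outform DER -in key.pem \
            -out key.der -nocrypt
    ) >/dev/null 2>&1
}

# True only when DER certificate $1 and DER PKCS#8 private key $2 carry the
# same public key. An unreadable or missing file counts as a mismatch.
pair_matches() {
    c=$(openssl x509 -inform DER -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -inform DER -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Constructed sample run in a throwaway directory.
work=$(mktemp -d)
if make_pair "$work" && pair_matches "$work/certificate.cer" "$work/key.der"; then
    echo "certificate.cer and key.der are one key pair"
else
    echo "mismatch or OpenSSL failure" >&2
fi
```

Running `pair_matches` against the real `.cer` and DER key before configuring the connector catches a certificate uploaded from one run paired with a key from another.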