Applications defined in Azure AD can make app-only calls by sharing a certificate with Azure AD: Azure AD is given the public key certificate (the .cer file) and the application keeps the private key (the .pfx file). Although a certificate from a trusted CA should be used for production deployments, a self-signed certificate created with the New-SelfSignedCertificate cmdlet is fine for testing and debugging (much like local web debugging over https). Here are the steps to generate a self-signed certificate with the New-SelfSignedCertificate cmdlet and export it for use with Azure AD.

Part 1: Generate a Self-signed Certificate

  1. Open Windows PowerShell ISE.
  2. Create a PowerShell script with the following content:

    Code Block (powershell)
    # Create the certificate in the LocalMachine personal store (requires an elevated session)
    $cert = New-SelfSignedCertificate -DnsName www.mysite.com -CertStoreLocation "cert:\LocalMachine\My" -KeyLength 2048 -KeySpec "KeyExchange" -NotBefore 10/15/2019 -NotAfter 10/15/2021
    # Password that protects the private key in the .pfx file
    $password = ConvertTo-SecureString -String "mySecurePassword" -Force -AsPlainText
    # .pfx: private key, kept by the application
    Export-PfxCertificate -Cert $cert -FilePath ".\aspire.mysite.com.pfx" -Password $password
    # .cer: public key only, uploaded to Azure AD
    Export-Certificate -Type CERT -Cert $cert -FilePath .\aspire.mysite.com.cer

  3. Update the value for -DnsName.
  4. Update the values for -NotBefore and -NotAfter.
  5. Update the password value.
  6. Update the -FilePath values for the .cer and .pfx files.
  7. Additional information about these parameters can be found in the New-SelfSignedCertificate page.
  8. Execute the PowerShell script. You need administrator permissions to execute the script successfully, because it writes to the LocalMachine certificate store.
  9. Both files should be created in the specified location.
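The same procedure, as an added example that is not part of the original page: it takes the DNS name, output folder and validity period as parameters, prompts for the PFX password instead of embedding it in the script, builds the validity dates with Get-Date so they do not depend on the machine's date format, and checks after export that the .cer carries no private key while the .pfx does. The default DNS name, output folder and validity period are assumptions.

```powershell
# Added example (not the original page's script): generate, export and
# sanity-check an app-only certificate for Azure AD. The default DnsName,
# output folder and validity period are assumptions for illustration.
param(
    [string]$DnsName    = "aspire.mysite.com",
    [string]$OutDir     = ".",
    [int]   $ValidYears = 2
)

$ErrorActionPreference = "Stop"

# Ask for the PFX password interactively rather than hard-coding it.
$password = Read-Host -Prompt "PFX password" -AsSecureString

# Build the validity window with Get-Date so it is not parsed from a
# culture-dependent string such as 10/15/2019.
$notBefore = Get-Date
$notAfter  = $notBefore.AddYears($ValidYears)

# Create the certificate in the LocalMachine store (elevated session required).
$cert = New-SelfSignedCertificate -DnsName $DnsName `
    -CertStoreLocation "cert:\LocalMachine\My" `
    -KeyLength 2048 -KeySpec "KeyExchange" `
    -NotBefore $notBefore -NotAfter $notAfter

$pfxPath = Join-Path $OutDir "$DnsName.pfx"
$cerPath = Join-Path $OutDir "$DnsName.cer"

# .pfx keeps the private key for the application; .cer is public key only for Azure AD.
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $password | Out-Null
Export-Certificate    -Cert $cert -FilePath $cerPath -Type CERT          | Out-Null

# Check: the file handed to Azure AD must not contain the private key.
$publicOnly = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($cerPath)
if ($publicOnly.HasPrivateKey) {
    throw "Exported .cer unexpectedly contains a private key"
}

# Check: the file kept by the application must contain it, and match the store copy.
$withKey = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($pfxPath, $password)
if (-not $withKey.HasPrivateKey) {
    throw "Exported .pfx is missing the private key"
}
if ($withKey.Thumbprint -ne $cert.Thumbprint) {
    throw "Thumbprint of .pfx does not match the certificate in the store"
}

# Details you will need when registering the public certificate with Azure AD.
[pscustomobject]@{
    Thumbprint = $cert.Thumbprint
    NotAfter   = $cert.NotAfter
    Pfx        = (Resolve-Path $pfxPath).Path
    Cer        = (Resolve-Path $cerPath).Path
}
```

Run it from an elevated PowerShell session, for example `.\New-AppCert.ps1 -DnsName www.mysite.com -OutDir C:\certs -ValidYears 1` (the script name is an assumption). Keep the .pfx and its password out of source control; only the .cer is meant to leave the machine.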

Part 2: Create the Azure AD Application

...