Applications defined in Azure AD can make app-only calls by sharing a certificate with Azure AD: Azure AD gets the public key certificate and the app keeps the certificate with its private key. Although a trusted certificate should be used for production deployments, self-signed certificates created with makecert.exe or the New-SelfSignedCertificate cmdlet are fine for testing/debugging (similar to local web debugging with https). Here are the steps to generate a self-signed certificate with makecert.exe or the New-SelfSignedCertificate cmdlet and export it for use with Azure AD.
With makecert.exe:

1. Open Visual Studio Tools Command Prompt.

   Note: for Windows 10 you may have to download the Windows 10 SDK to get the makecert application.

2. Run makecert.exe with the following syntax:

```
makecert -r -pe -n "CN=SearchTechnologies SPOnline Cert" -b 10/15/2016 -e 10/15/2018 -ss my -len 2048
```

With the New-SelfSignedCertificate cmdlet:

1. Open Windows PowerShell ISE.
2. Create a PowerShell script with the following content:

```powershell
# Create the self-signed certificate in the local machine's personal store
$cert = New-SelfSignedCertificate -DnsName www.mysite.com -CertStoreLocation "cert:\LocalMachine\My" -KeyLength 2048 -KeySpec "KeyExchange" -NotBefore 10/15/2019 -NotAfter 10/15/2021

# Password that protects the exported private key
$password = ConvertTo-SecureString -String "mySecurePassword" -Force -AsPlainText

# Export the certificate with its private key (.pfx) for the app
Export-PfxCertificate -Cert $cert -FilePath ".\aspire.mysite.com.pfx" -Password $password

# Export the public certificate only (.cer) for Azure AD
Export-Certificate -Type CERT -Cert $cert -FilePath .\aspire.mysite.com.cer
```
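
The script below is an added example, not part of the original page: it uses the same cmdlets but prompts for the PFX password instead of storing it in the script, then reloads both exported files to confirm that only the .pfx carries the private key. The `cert:\CurrentUser\My` store, the `Read-Host` prompt, and the two-year validity window starting today are assumptions made for the example.

```powershell
# Added example (not the page's script). Assumptions: CurrentUser store,
# interactive password prompt, validity window of two years from now.
$ErrorActionPreference = "Stop"

$dnsName  = "www.mysite.com"        # value used on the page
$baseName = "aspire.mysite.com"     # export file name used on the page
$password = Read-Host -AsSecureString -Prompt "Password for the PFX file"

$notBefore = Get-Date
$cert = New-SelfSignedCertificate -DnsName $dnsName `
    -CertStoreLocation "cert:\CurrentUser\My" `
    -KeyLength 2048 -KeySpec "KeyExchange" `
    -NotBefore $notBefore -NotAfter $notBefore.AddYears(2)

Export-PfxCertificate -Cert $cert -FilePath ".\$baseName.pfx" -Password $password | Out-Null
Export-Certificate -Type CERT -Cert $cert -FilePath ".\$baseName.cer" | Out-Null

# .NET resolves relative paths against the process directory, not the
# PowerShell location, so pass full paths when reloading the files.
$cerPath = (Resolve-Path ".\$baseName.cer").Path
$pfxPath = (Resolve-Path ".\$baseName.pfx").Path
$cer = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cerPath)
$pfx = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfxPath, $password)
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cer)

$now = Get-Date
$checks = [ordered]@{
    "CER contains no private key"  = -not $cer.HasPrivateKey
    "PFX contains the private key" = $pfx.HasPrivateKey
    "CER and PFX thumbprints match" = $cer.Thumbprint -eq $pfx.Thumbprint
    "RSA key is at least 2048 bits" = $rsa.KeySize -ge 2048
    "Certificate is currently valid" = ($cer.NotBefore -le $now) -and ($cer.NotAfter -gt $now)
}

# Print each check and stop if any of them failed.
$checks.GetEnumerator() | ForEach-Object { "{0,-32} {1}" -f $_.Key, $_.Value }
if ($checks.Values -contains $false) {
    throw "Exported certificate files failed verification."
}

"Thumbprint: $($cer.Thumbprint)"
"Expires:    $($cer.NotAfter)"
```

Only the .cer file goes to Azure AD; the .pfx and its password stay with the application.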
...