Update existing SAML Signing Certificate in azure enterprise application using graph api or PowerShell?

Sahadeb Patro 121 Reputation points Microsoft Employee
2021-12-24T06:52:41.363+00:00

I have a request to automate the process of creating an enterprise application in Azure, which was done with the following process using the Graph API:
application-saml-sso-configure-api

The customer already has an existing certificate which they want to add to the application. However, this process generates a new certificate for the application using: POST https://graph.microsoft.com/v1.0/servicePrincipals/a750f6cf-2319-464a-bcc3-456926736a91/addTokenSigningCertificate

Is there any suggestion on whether we can update the existing certificate on the enterprise application, either via the Graph API or PowerShell?


Accepted answer
  1. CarlZhao-MSFT 37,216 Reputation points
    2021-12-24T08:57:06.54+00:00

    Hi @Sahadeb Patro

If you add an existing certificate to the application for authentication, you should call the /addKey endpoint.

    POST https://graph.microsoft.com/v1.0/applications/{id}/addKey
    Content-type: application/json
    {
        "keyCredential": {
            "type": "AsymmetricX509Cert",
            "usage": "Verify",
            "key": "MIIDYDCCAki..."
        },
        "passwordCredential": null,
        "proof": "eyJ0eXAiOiJ..."
    }

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
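    The request above, built end to end in PowerShell, as an added example that is not part of this thread or of the Microsoft documentation: `{id}` in the URL is the application's object id (not the appId/client id); the example assumes `$accessToken` already holds a Graph token with rights to write application credentials, that `new.cer` is the customer's existing public certificate, and that `existing.pfx` is a certificate already registered on the application, whose private key signs the proof-of-possession JWT that the `proof` field requires.

```powershell
# Assumed placeholders: fill in before running.
$appObjectId = '<application-object-id>'      # the {id} in /applications/{id}/addKey
$clientId    = '<application (client) id>'    # becomes the JWT "iss" claim
$accessToken = '<graph-access-token>'         # assumed to be obtained already

function ConvertTo-Base64Url([byte[]] $bytes) {
    [Convert]::ToBase64String($bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

# 1. keyCredential: the public certificate to add, DER bytes as plain base64.
$newCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new('.\new.cer')
$keyCredential = @{
    type  = 'AsymmetricX509Cert'
    usage = 'Verify'
    key   = [Convert]::ToBase64String($newCert.RawData)
}

# 2. proof: a short-lived RS256 JWT signed with a key that is already on the app.
#    addKey is refused when the app has no valid existing certificate to sign with;
#    in that case the keyCredentials property has to be updated with PATCH instead.
$signingCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new('.\existing.pfx', '<pfx-password>')
$now    = [DateTimeOffset]::UtcNow
$header = @{ alg = 'RS256'; typ = 'JWT'; x5t = (ConvertTo-Base64Url ($signingCert.GetCertHash())) } | ConvertTo-Json -Compress
$claims = @{
    aud = '00000002-0000-0000-c000-000000000000'   # fixed audience for addKey proofs
    iss = $clientId
    nbf = $now.ToUnixTimeSeconds()
    exp = $now.AddMinutes(10).ToUnixTimeSeconds()   # proof must expire within 10 minutes
} | ConvertTo-Json -Compress
$unsigned = (ConvertTo-Base64Url ([Text.Encoding]::UTF8.GetBytes($header))) + '.' +
            (ConvertTo-Base64Url ([Text.Encoding]::UTF8.GetBytes($claims)))
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($signingCert)
$signature = $rsa.SignData([Text.Encoding]::UTF8.GetBytes($unsigned),
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$proof = $unsigned + '.' + (ConvertTo-Base64Url $signature)

# 3. Send the same request the accepted answer shows.
$body = @{ keyCredential = $keyCredential; passwordCredential = $null; proof = $proof } | ConvertTo-Json -Depth 4
Invoke-RestMethod -Method Post -Uri "https://graph.microsoft.com/v1.0/applications/$appObjectId/addKey" `
    -Headers @{ Authorization = "Bearer $accessToken" } -ContentType 'application/json' -Body $body
```

    The response is the new keyCredential object; its `customKeyIdentifier` (the certificate thumbprint) is what to check afterwards with GET /applications/{id} to confirm the key was attached.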


2 additional answers

  1. Sahadeb Patro 121 Reputation points Microsoft Employee
    2021-12-24T17:52:15.447+00:00

    Can you also suggest here what the ID is referring to?

    POST https://graph.microsoft.com/v1.0/applications/{id}/addKey


  2. Limitless Technology 39,371 Reputation points
    2021-12-24T20:01:01.41+00:00

    Hi @Sahadeb Patro

    To renew your certificate using Azure PowerShell, use the following script:

    # Load the application gateway that holds the certificate
    $appgw = Get-AzApplicationGateway `
      -ResourceGroupName <ResourceGroup> `
      -Name <AppGatewayName>

    # Password protecting the new PFX file
    $password = ConvertTo-SecureString `
      -String "<password>" `
      -Force `
      -AsPlainText

    # Replace the existing certificate entry with the new PFX
    Set-AzApplicationGatewaySslCertificate -Name <oldcertname> `
      -ApplicationGateway $appgw -CertificateFile <newcertPath> -Password $password

    # Commit the change to Azure
    Set-AzApplicationGateway -ApplicationGateway $appgw

    You can use the article below to get more info: https://learn.microsoft.com/en-us/azure/application-gateway/renew-certificates#code-try-0

    Hope this resolves your query!

    ----------

    --If the reply is helpful, please Upvote and Accept it as an answer--
