What are the SSL Certificate Requirements for multiple redirect URIs in Azure App Registrations?

Dan Bhatoa 46 Reputation points
2022-06-28T12:29:42.76+00:00

Hi,
We're looking to create a new app registration in Azure AD. The App Registration will have multiple redirect URIs for different environments (i.e. contosoprod.com, contosodev.com, foxtrotprod.com etc).

SSL certificates are preferred to client secrets for security reasons, however I have a few questions:

  1. What does the SSL certificate domain/URL need to contain? Does it need to match all of the URIs in the app registration?
  2. Can I use private SSL certificates and if so, what do I need to do to ensure they work in Azure AD and the application?

Thanks


1 answer

  1. Dan Bhatoa 46 Reputation points
    2022-06-29T10:51:29.17+00:00

    Answer from Microsoft below

    SSLs uploaded to Application Registrations are used as an authentication method, rather than as an identifier.
    This means the SSL does not need to contain any specific domains; as long as the certificate is uploaded to the Application Registration, it can be used for authentication by the application being developed.

    For reference here are the general SSL requirements:
    • Subject – This is descriptive and for ease of identification
    • KeyExportPolicy – Exportable
    • Signature Hash – SHA256
    • KeyLength – 2048
    • File type - .cer / .pem / .crt

    You can find more information on uploading an SSL here:
    https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app#add-credentials
    https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#authentication-two-options

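Added example, not part of the thread or of Microsoft's reply: one way to create a certificate with the properties listed in the answer and to check a file against that list before uploading it to the app registration. It assumes a self-signed certificate on Windows; the subject name, output path and the `Test-AppRegistrationCertificate` helper are constructed for illustration.

```powershell
# Constructed values: the subject is descriptive only and carries no redirect URI domain.
$subject = 'CN=contoso-app-auth'
$cerPath = Join-Path $env:TEMP 'contoso-app-auth.cer'

# Create the key pair and certificate with the properties from the answer.
$cert = New-SelfSignedCertificate `
    -Subject $subject `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyExportPolicy Exportable `
    -KeySpec Signature `
    -KeyAlgorithm RSA `
    -KeyLength 2048 `
    -HashAlgorithm SHA256 `
    -NotAfter (Get-Date).AddYears(1)

# Export the public certificate only; the private key stays in the store
# and is what the application later uses to authenticate.
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null

function Test-AppRegistrationCertificate {
    # Hypothetical helper: returns a list of problems, empty when the file passes.
    param([Parameter(Mandatory)][string]$Path)

    $problems = @()
    if ([IO.Path]::GetExtension($Path) -notin '.cer', '.pem', '.crt') {
        $problems += 'file type is not .cer / .pem / .crt'
    }
    $c = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Path)
    # 1.2.840.113549.1.1.11 is the OID for sha256WithRSAEncryption.
    if ($c.SignatureAlgorithm.Value -ne '1.2.840.113549.1.1.11') {
        $problems += "signature algorithm is $($c.SignatureAlgorithm.FriendlyName), not SHA256 with RSA"
    }
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($c)
    # Assumption: the 2048 in the answer is treated as a minimum key length.
    if ($null -eq $rsa -or $rsa.KeySize -lt 2048) {
        $problems += 'public key is not RSA with at least 2048 bits'
    }
    if ($c.HasPrivateKey) {
        $problems += 'file contains a private key; upload the public certificate only'
    }
    if ($c.NotAfter -lt (Get-Date)) {
        $problems += "certificate expired on $($c.NotAfter)"
    }
    return $problems
}

$result = Test-AppRegistrationCertificate -Path $cerPath
if ($result) { $result | ForEach-Object { Write-Warning $_ } } else { "OK: $cerPath" }
```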