Certificate with thumbprint was not found in certificate store or has expired.

Question

Certificate with thumbprint was not found in certificate store or has expired.

Ken Nye 20

I created an APP on 2/16/2022 and a certificate that expires 2/16/2032. As of 1/10/25 I now get this error when I try to call the API

Certificate with thumbprint 'xxxxxxx' was not found in certificate store or has expired.

When I look in my Azure App registrations it show my app with a current and valid certificate.

Sanoop M 4,310 Reputation points Moderator

2025-01-29T19:07:48.3933333+00:00

Hello @Ken Nye,

Thank you for posting your query on Microsoft Q&A.

To further check this issue, could you please provide the below mentioned details.

1.Please update us exactly what API you are trying to call and from where you are trying to call the API?

2.Please provide us the Error Screenshot when you are trying to call the API.

3.Please go to the Certificates and Secrets page of your application from App Registrations section and please check how many certificates are you able to see in the Certificates section(Please provide us the Screenshot).

4.If you are able to see any previously expired certificates in the Certificates section, please delete that expired certificate and check the behavior if you are successfully able to call the API or not.

I am looking forward to your response.

Thanks and Regards,

Sanoop Mohan
Sanoop M 4,310 Reputation points Moderator

2025-01-30T20:40:51.49+00:00

Hello @Ken Nye,

We haven’t heard from you on the last response and was just checking back to see if you could provide the additional details as mentioned above. In case if you have any resolution, please do share that same with the community as it can be helpful to others. Otherwise, we will respond with more details and we will try to help.

Thanks and Regards,

Sanoop Mohan

Ken Nye 20

I created an APP to connect to outlook calendar, I am using powershell to connect, this is the error that I get

Connect-MgGraph: untitled:Untitled-1:2:1

Line |

  2 |  Connect-MgGraph -ClientID 3b3cd157-e39b-4d7e-8190-xxxxxxxxx -Tenan …

    |  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    | Certificate with thumbprint '36A225E905C5392CCAxxxxxxxxxxx' was not found in certificate store or has expired.  
```   ![User's image](/api/attachments/a79ed054-f928-453f-885a-87ad20eac448?platform=QnA)
   
   I have no expired secrets or certficates.  
![User's image](/api/attachments/9aad048e-4a6e-47bf-927d-ac0a99700d83?platform=QnA)

![User's image](/api/attachments/8f65c8af-c916-415b-88f9-ce28b9919c0a?platform=QnA)

Ken Nye 20 Reputation points

2025-01-30T20:47:53.9433333+00:00

duplicate.. please delete
Sanoop M 4,310 Reputation points Moderator

2025-02-03T19:41:22.8633333+00:00

Hello @Ken Nye,

Thank you for your response.

Please send us an email on 'azcommunity@microsoft.com' with Sub - "ATTN: sanoopm" and following details in the email body: Link to this thread/post.

We can connect offline and discuss further on this issue.

Thanks and Regards,

Sanoop Mohan
Sanoop M 4,310 Reputation points Moderator

2025-02-11T18:57:54.0433333+00:00

Hello @Ken Nye,

Thank you for your time over the call.

As we have discussed over the call, please attach all the Screenshots as mentioned below so that it will be helpful for reviewing for all the other community members.

1.Please provide us the exact Error Screenshot when you are trying to call the API.

2.Please go to the Certificates and Secrets page of your application from App Registrations section and please check how many certificates are you able to see in the Certificates section(Please provide us the Screenshot).

3.Please provide us the Team_Calendar application Overview page from the App Registrations section.

4.Please provide us the assigned Users and Groups page of the application configured in Enterprise Applications section.

I am looking forward to your response.
Ken Nye 20 Reputation points

2025-02-11T19:50:05.3066667+00:00

Here are all the screen shots you requested.
Sanoop M 4,310 Reputation points Moderator

2025-02-14T00:58:22.3833333+00:00

Hello @Ken Nye,

Thank you for providing all the requested Screenshots.

We are currently investigating this issue and we will get back to you with our findings.
SrideviM 5,720 Reputation points Microsoft External Staff Moderator

2025-02-18T02:29:54.78+00:00

Hello @Ken Nye ,

Could you provide what PowerShell commands/script are used to create certificate and how you are generating the access token so that I can reproduce the same in my environment? Refer this article and confirm whether you are using similar commands or not?

Accepted answer

0 additional answers

Your answer

Sanoop M 4,310 Reputation points Moderator

2025-01-29T19:07:48.3933333+00:00

Hello @Ken Nye,

Thank you for posting your query on Microsoft Q&A.

To further check this issue, could you please provide the below mentioned details.

1.Please update us exactly what API you are trying to call and from where you are trying to call the API?

2.Please provide us the Error Screenshot when you are trying to call the API.

3.Please go to the Certificates and Secrets page of your application from App Registrations section and please check how many certificates are you able to see in the Certificates section(Please provide us the Screenshot).

4.If you are able to see any previously expired certificates in the Certificates section, please delete that expired certificate and check the behavior if you are successfully able to call the API or not.

I am looking forward to your response.

Thanks and Regards,

Sanoop Mohan
Sanoop M 4,310 Reputation points Moderator

2025-01-30T20:40:51.49+00:00

Hello @Ken Nye,

We haven’t heard from you on the last response and was just checking back to see if you could provide the additional details as mentioned above. In case if you have any resolution, please do share that same with the community as it can be helpful to others. Otherwise, we will respond with more details and we will try to help.

Thanks and Regards,

Sanoop Mohan
Ken Nye 20 Reputation points

2025-01-30T20:45:00.8333333+00:00

I created an APP to connect to outlook calendar, I am using powershell to connect, this is the error that I get

Connect-MgGraph: untitled:Untitled-1:2:1

Line |

2 | Connect-MgGraph -ClientID 3b3cd157-e39b-4d7e-8190-xxxxxxxxx -Tenan … | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | Certificate with thumbprint '36A225E905C5392CCAxxxxxxxxxxx' was not found in certificate store or has expired. ``` ![User's image](/api/attachments/a79ed054-f928-453f-885a-87ad20eac448?platform=QnA) I have no expired secrets or certficates. ![User's image](/api/attachments/9aad048e-4a6e-47bf-927d-ac0a99700d83?platform=QnA) ![User's image](/api/attachments/8f65c8af-c916-415b-88f9-ce28b9919c0a?platform=QnA)
Ken Nye 20 Reputation points

2025-01-30T20:47:53.9433333+00:00

duplicate.. please delete
Sanoop M 4,310 Reputation points Moderator

2025-02-03T19:41:22.8633333+00:00

Hello @Ken Nye,

Thank you for your response.

Please send us an email on 'azcommunity@microsoft.com' with Sub - "ATTN: sanoopm" and following details in the email body: Link to this thread/post.

We can connect offline and discuss further on this issue.

Thanks and Regards,

Sanoop Mohan
Sanoop M 4,310 Reputation points Moderator

2025-02-11T18:57:54.0433333+00:00

Hello @Ken Nye,

Thank you for your time over the call.

As we have discussed over the call, please attach all the Screenshots as mentioned below so that it will be helpful for reviewing for all the other community members.

1.Please provide us the exact Error Screenshot when you are trying to call the API.

2.Please go to the Certificates and Secrets page of your application from App Registrations section and please check how many certificates are you able to see in the Certificates section(Please provide us the Screenshot).

3.Please provide us the Team_Calendar application Overview page from the App Registrations section.

4.Please provide us the assigned Users and Groups page of the application configured in Enterprise Applications section.

I am looking forward to your response.
Ken Nye 20 Reputation points

2025-02-11T19:50:05.3066667+00:00

Here are all the screen shots you requested.
Sanoop M 4,310 Reputation points Moderator

2025-02-14T00:58:22.3833333+00:00

Hello @Ken Nye,

Thank you for providing all the requested Screenshots.

We are currently investigating this issue and we will get back to you with our findings.
SrideviM 5,720 Reputation points Microsoft External Staff Moderator

2025-02-18T02:29:54.78+00:00

Hello @Ken Nye ,

Could you provide what PowerShell commands/script are used to create certificate and how you are generating the access token so that I can reproduce the same in my environment? Refer this article and confirm whether you are using similar commands or not?

Answer 1

Hello @Ken Nye

The error usually occurs if the certificate added in Azure AD app registration is deleted in local certification store.

I have one app registration with certificate named graphcert07 added in it:

enter image description here

Now, I ran certmgr.msc in Windows Run to open Certificate Manager and deleted graphcert07 certificate as below:

enter image description here

When I tried to connect Microsoft Graph PowerShell using that certificate, I too got same error like this:

$tenantId = "tenantId"
$clientId = "appId"
$thumbprint = "65876F7BB07B2Cxxxxxxxxxxxx"

Connect-MgGraph -ClientId $clientId -TenantId $tenantId -CertificateThumbprint $thumbprint

enter image description here

Even if the certificate is present in Azure AD app registration, it should also present in local certification store.

In your case, open Certificate Manager and check whether certificate named Azure_cert thumbprint is present in it or not.

If it’s not present, delete the existing certificate in Azure AD app registration and upload new certificate to it.

I created one new certificate by running below PowerShell commands:

$certname = "mygraphcert"    
$cert = New-SelfSignedCertificate -Subject "CN=$certname" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256

Export-Certificate -Cert $cert -FilePath "C:/mycerts/$certname.cer"   ## Specify your preferred location

enter image description here

Now, I uploaded this new certificate to Azure AD app registration by deleting the old one:

enter image description here

When I tried to connect Microsoft Graph PowerShell using new certificate, I got the response successfully as below:

$tenantId = "tenantId"
$clientId = "appId"
$thumbprint = "91792D97E4xxxxxxxxxxxxxxx"

Connect-MgGraph -ClientId $clientId -TenantId $tenantId -CertificateThumbprint $thumbprint
Get-MgUserDefaultCalendar -UserId "userobjectId"

enter image description here

Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members. User's image

If you have any other questions or still running into more issues, let me know in the "comments" and I would be happy to help you.

Share via

Certificate with thumbprint was not found in certificate store or has expired.

0 additional answers

Your answer