Hi john john ,
The certificate needs to come from a Certificate Authority. It can be from a public Certificate Authority such as Digicert or it can be your own self-signed certificate that you create.
If you use Digicert, you can simply follow these steps:
- Create an account with DigiCert
- Generate a certificate signing request (CSR)
- Submit the CSR to DigiCert
- Download the certificate from DigiCert
- Install the certificate on your server
Once you have installed the certificate, you can export the public key as a .pfx file and then upload it to the "Certificates & secrets" section in the app registration.
If you create your own certificate, you can use tools like OpenSSL or Powershell.
Using OpenSSL, you can create a certificate using this command:
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 3650 -nodes
(See detailed example here. )
You can also use the "New-SelfSignedCertificate" command in Powershell:
New-SelfSignedCertificate -Subject "CN=My Self-Signed Certificate" -KeyUsage DigitalSignature -KeyAlgorithm RSA -KeyLength 2048 -NotAfter (Get-Date).AddYears(10) -CertStoreLocation "Cert:\LocalMachine\My"
Let me know if this helps and if you have further questions!
If the information helped you, please Accept the answer. This will help us as well as others in the community who might be researching similar information.