Where can we get certificates to use inside our Active Directory apps?

john john 906 Reputation points
2023-02-06T00:31:27.3366667+00:00

I created a new ASP.NET Core 6.0 MVC web application using Visual Studio 2022, and I configured it to use Azure AD for authentication, as follows:

[Screenshot: https://i.stack.imgur.com/1veNF.png]

[Screenshot: https://i.stack.imgur.com/S0Kbq.png]

Then I was asked to create an owned application, so I created one named "ad" as follows:

[Screenshot: https://i.stack.imgur.com/U74Ni.png]

[Screenshot: https://i.stack.imgur.com/Pi7nS.png]

Inside my application's appsettings.json I have these settings:

{
    "AzureAd": {
        "Instance": "https://login.microsoftonline.com/",
        "Domain": "*****",
        "TenantId": "***",
        "ClientId": "***",
        "CallbackPath": "/signin-oidc"
    },
    ....
}

It seems Visual Studio did all the work for us.

But when I checked "Certificates & secrets" in the Azure portal for the generated Azure AD app, I found that nothing is assigned:

[Screenshot: https://i.stack.imgur.com/tQ8lQ.png]

So now we are going to upload a certificate (.crt file), but I am not sure where we can get such a certificate. Does Azure offer such certificates? Please, if someone can provide a step-by-step guide on how to get such a certificate. Thanks


1 answer

  1. Marilee Turscak-MSFT 32,286 Reputation points Microsoft Employee
    2023-02-17T20:47:43.9833333+00:00

    Hi john john ,

    The certificate needs to come from a Certificate Authority. It can be from a public Certificate Authority such as Digicert or it can be your own self-signed certificate that you create.

    If you use Digicert, you can simply follow these steps:

    1. Create an account with DigiCert
    2. Generate a certificate signing request (CSR)
    3. Submit the CSR to DigiCert
    4. Download the certificate from DigiCert
    5. Install the certificate on your server

    Once you have installed the certificate, you can export the public key as a .pfx file and then upload it to the "Certificates & secrets" section in the app registration.

    If you create your own certificate, you can use tools like OpenSSL or PowerShell.

    Using OpenSSL, you can create a certificate using this command:

    openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 3650 -nodes
    

    (See the detailed example here.)

    You can also use the "New-SelfSignedCertificate" cmdlet in PowerShell:

    New-SelfSignedCertificate -Subject "CN=My Self-Signed Certificate" -KeyUsage DigitalSignature -KeyAlgorithm RSA -KeyLength 2048 -NotAfter (Get-Date).AddYears(10) -CertStoreLocation "Cert:\LocalMachine\My"
    

    There is a quick three-minute screenshare here that shows the process of adding the certificate, as well as a very detailed walkthrough here that explains the way the certificate signing works.

    Let me know if this helps and if you have further questions!

    -

    If the information helped you, please Accept the answer. This will help us as well as others in the community who might be researching similar information.

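The self-signed route from the answer above, carried through as a runnable script. This is an added example, not code from the original question or answer. It generates the key pair and certificate with OpenSSL, separates the public certificate (app.cer / app.pem, the part the app registration's "Certificates & secrets" upload accepts) from the private material (app.key / app.pfx, which stays with the application and is never uploaded), and computes the two thumbprint forms the app side needs: the hex SHA-1 thumbprint the portal displays after the upload, and its base64url form, which is the "x5t" header of a client assertion signed with that key. The subject name "CN=ad-app-client", the output file names, the two-year lifetime and the .pfx password are illustrative assumptions, not values from the page; the script assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example, not code from the original question or answer.
# Assumes the openssl CLI is installed. The subject name, output file
# names, lifetime and the .pfx password below are illustrative choices,
# not values from the page.

# make_app_cert OUTDIR PFX_PASSWORD
# Generates OUTDIR/app.key (private key), OUTDIR/app.pem and OUTDIR/app.cer
# (public certificate in PEM and DER form; either is what the app
# registration's "Certificates & secrets" upload expects) and OUTDIR/app.pfx
# (key + certificate, kept by the application, never uploaded). Prints the
# SHA-1 thumbprint in the uppercase hex form the portal shows after upload.
make_app_cert() {
    outdir="$1"
    pfx_pass="$2"
    mkdir -p "$outdir" || return 1
    # Key pair and self-signed certificate in one step. -nodes leaves the
    # key unencrypted on disk so the app can load it, so restrict its mode.
    openssl req -x509 -newkey rsa:2048 -sha256 -days 730 -nodes \
        -subj "/CN=ad-app-client" \
        -keyout "$outdir/app.key" -out "$outdir/app.pem" 2>/dev/null || return 1
    chmod 600 "$outdir/app.key"
    # DER form of the public certificate (the classic .cer file).
    openssl x509 -in "$outdir/app.pem" -outform DER -out "$outdir/app.cer" || return 1
    # PKCS#12 bundle holding the private key for the ASP.NET Core app.
    openssl pkcs12 -export -in "$outdir/app.pem" -inkey "$outdir/app.key" \
        -out "$outdir/app.pfx" -passout "pass:$pfx_pass" || return 1
    # Thumbprint = SHA-1 over the DER bytes; strip the label and the colons.
    openssl x509 -in "$outdir/app.pem" -noout -fingerprint -sha1 \
        | sed 's/^.*=//; s/://g'
}

# x5t_of PEM_CERT
# Base64url-encoded SHA-1 thumbprint: the "x5t" JWT header a client
# assertion signed with app.key must carry when the app requests a token
# from the Microsoft identity platform.
x5t_of() {
    openssl x509 -in "$1" -outform DER \
        | openssl dgst -sha1 -binary \
        | openssl base64 -A \
        | tr '+/' '-_' | tr -d '='
}

# has_private_key FILE
# Pre-upload check: succeeds only if FILE is PEM containing a private key.
# Run it on whatever you are about to upload; it must fail for app.pem.
has_private_key() {
    grep -q 'PRIVATE KEY-----' "$1"
}

# client_cert_json PFX_PATH PFX_PASSWORD
# The Microsoft.Identity.Web "ClientCertificates" entry that points the
# "AzureAd" section of appsettings.json at the .pfx. Keep the password out
# of source control (user secrets or Key Vault); it is inline here only
# for illustration.
client_cert_json() {
    printf '"ClientCertificates": [ { "SourceType": "Path", "CertificateDiskPath": "%s", "CertificatePassword": "%s" } ]\n' "$1" "$2"
}

# Stand-alone run: "sh make_app_cert.sh run" creates ./appcert and prints
# the values to copy into the portal and into appsettings.json.
if [ "${1:-}" = "run" ]; then
    tp=$(make_app_cert ./appcert changeit) || exit 1
    echo "upload ./appcert/app.cer; thumbprint $tp; x5t $(x5t_of ./appcert/app.pem)"
    client_cert_json ./appcert/app.pfx changeit
fi
```

After the upload, the thumbprint shown under "Certificates & secrets" should equal the hex value `make_app_cert` printed; that is the quickest way to confirm the right file went up. The `ClientCertificates` entry is only needed once the app has to prove its identity to the token endpoint (for example to call a downstream API); a web app that merely signs users in, as in the question, never uses the private key.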