Hi john john,
The certificate needs to come from a Certificate Authority. It can be from a public Certificate Authority such as DigiCert or it can be your own self-signed certificate that you create.
If you use DigiCert, you can simply follow these steps:
- Create an account with DigiCert
- Generate a certificate signing request (CSR)
- Submit the CSR to DigiCert
- Download the certificate from DigiCert
- Install the certificate on your server
Once you have installed the certificate, you can export the public key as a .pfx file and then upload it to the "Certificates & secrets" section in the app registration.
If you create your own certificate, you can use tools like OpenSSL or PowerShell.
Using OpenSSL, you can create a certificate using this command:
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 3650 -nodes
(See detailed example here.)
You can also use the "New-SelfSignedCertificate" command in PowerShell:
New-SelfSignedCertificate -Subject "CN=My Self-Signed Certificate" -KeyUsage DigitalSignature -KeyAlgorithm RSA -KeyLength 2048 -NotAfter (Get-Date).AddYears(10) -CertStoreLocation "Cert:\LocalMachine\My"
There is a quick three-minute screenshare here that shows the process of adding the certificate, as well as a very detailed walkthrough here that explains the way the certificate signing works.
Let me know if this helps and if you have further questions!
If the information helped you, please Accept the answer. This will help us as well as others in the community who might be researching similar information.
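The OpenSSL route above can be followed by a few checks before anything is uploaded to "Certificates & secrets". The script below is an added example, not part of the original answer: it creates the self-signed pair, writes a certificate-only .cer file, prints the SHA-1 thumbprint, and confirms that the upload file carries no private key and that the key kept locally matches the certificate. The function names, file names, subject CN and validity period are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example; function names, file names, CN and validity are assumptions.
set -eu

# Create an RSA key and self-signed certificate (same "openssl req -x509" form as above).
make_cert() {  # make_cert <key.pem> <cert.pem> <subject-CN> [days]
  openssl req -x509 -newkey rsa:2048 -nodes \
    -keyout "$1" -out "$2" -subj "/CN=$3" -days "${4:-365}" 2>/dev/null
  chmod 600 "$1"   # the private key stays local, readable by its owner only
}

# Write the certificate alone in DER form (.cer); no key material is copied.
export_public() {  # export_public <cert.pem> <out.cer>
  openssl x509 -in "$1" -outform DER -out "$2"
}

# SHA-1 thumbprint as 40 upper-case hex characters, without colons.
thumbprint() {  # thumbprint <cert.pem>
  openssl x509 -in "$1" -noout -fingerprint -sha1 | cut -d= -f2 | tr -d ':'
}

# Succeeds only if the private key and the certificate hold the same public key.
key_matches_cert() (  # key_matches_cert <key.pem> <cert.pem>
  a=$(openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256)
  b=$(openssl x509 -in "$2" -noout -pubkey |
      openssl pkey -pubin -outform DER | openssl dgst -sha256)
  [ "$a" = "$b" ]
)

# Succeeds only if the file parses as a certificate and has no PEM private key in it.
is_public_only() {  # is_public_only <file>
  ! grep -q 'PRIVATE KEY' "$1" &&
    { openssl x509 -in "$1" -noout 2>/dev/null ||
      openssl x509 -inform DER -in "$1" -noout 2>/dev/null; }
}

# Demo: run as "sh script.sh demo"; works in a scratch directory.
if [ "${1:-}" = "demo" ]; then
  d=$(mktemp -d)
  make_cert "$d/key.pem" "$d/cert.pem" "example-app-credential"
  export_public "$d/cert.pem" "$d/cert.cer"
  key_matches_cert "$d/key.pem" "$d/cert.pem" && echo "key matches certificate"
  is_public_only "$d/cert.cer" && echo "upload file: $d/cert.cer"
  echo "thumbprint: $(thumbprint "$d/cert.pem")"
fi
```

The thumbprint printed here can be compared with the one shown for the certificate after upload to confirm the right file was registered.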