Hello, Azure AD app certificates can be issued by yourself (for development purposes) or by a third-party CA. The certificate must be an X.509 certificate that:
- Has 2048-bit or longer keys. 2048-bit size is highly recommended for the best combination of security and performance.
- Uses the RSA cryptographic algorithm. Azure AD currently supports only RSA.
- Is signed with the SHA256 hash algorithm. Azure AD also supports certificates signed with SHA384 and SHA512 hash algorithms.
Take a look at Create and export your public certificate and Generating self-signed certificates for instructions on how to create a self-signed cert. You can also use the former to create a certificate signing request that can be sent to a CA.
Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.
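
A check for the three requirements listed in the answer above, as an added example that is not part of the original answer or of Microsoft's documentation. `Test-AppCertificateRequirements` and `CN=ExampleDevApp` are hypothetical names, and matching the hash on the signature algorithm's friendly name is an assumption about how the platform reports it (an RSASSA-PSS signature, for instance, would not match and needs a manual look).

```powershell
# Added example: hypothetical helper, not Microsoft's own code.
function Test-AppCertificateRequirements {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    # Requirement: RSA key. 1.2.840.113549.1.1.1 is the rsaEncryption OID.
    $isRsa = $Certificate.PublicKey.Oid.Value -eq '1.2.840.113549.1.1.1'

    # Requirement: 2048-bit or longer key (only meaningful for RSA keys).
    $keySize = 0
    if ($isRsa) {
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Certificate)
        $keySize = $rsa.KeySize
        $rsa.Dispose()
    }

    # Requirement: signed with SHA256, SHA384 or SHA512.
    # Assumption: the friendly name contains the hash name, e.g. "sha256RSA".
    $sigName = $Certificate.SignatureAlgorithm.FriendlyName
    $hashOk  = $sigName -match 'sha(256|384|512)'

    [pscustomobject]@{
        Subject            = $Certificate.Subject
        IsRsa              = $isRsa
        KeySizeBits        = $keySize
        SignatureAlgorithm = $sigName
        HashOk             = $hashOk
        MeetsRequirements  = $isRsa -and ($keySize -ge 2048) -and $hashOk
    }
}

# Constructed sample: a throwaway self-signed development certificate
# created in the current user's store.
$cert = New-SelfSignedCertificate -Subject 'CN=ExampleDevApp' `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -KeyExportPolicy Exportable -KeySpec Signature `
    -NotAfter (Get-Date).AddMonths(6)

$result = Test-AppCertificateRequirements -Certificate $cert
$result | Format-List

# Export only the public certificate (.cer); the private key stays in the store.
if ($result.MeetsRequirements) {
    Export-Certificate -Cert $cert -FilePath (Join-Path $PWD 'ExampleDevApp.cer') | Out-Null
}
```

The same function can be run against a CA-issued certificate loaded with `Get-PfxCertificate` or read from the certificate store before it is uploaded to the app registration.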