Where can we get a certificate for our Azure Active Directory app?

john john 941 Reputation points
2023-02-06T00:34:33.65+00:00

I created a new ASP.NET Core 6.0 MVC web application using Visual Studio 2022, and I defined it to use Azure AD for authentication, as follows:

[screenshot]

Then I was asked to create an owned application, so I created one named "ad" as follows:

[screenshot]

Inside my application's appsettings.json I have these settings:

{
    "AzureAd": {
        "Instance": "https://login.microsoftonline.com/",
        "Domain": "*****",
        "TenantId": "***",
        "ClientId": "***",
        "CallbackPath": "/signin-oidc"
    },
    ....
}

It seems Visual Studio did all the work for us.

But when I checked "Certificates & secrets" in the Azure portal for the generated Azure AD app, I found that nothing is assigned:

[screenshot]

So now we are going to upload a certificate (.crt file), but where can we get such a certificate, and does Azure provide such certificates?



1 answer

  1. 2023-02-06T15:49:03.6533333+00:00

    Hello, Azure AD app certificates can be issued by yourself (for development purposes) or by a third-party CA. The certificate must be an X.509 certificate that:

    • Has 2048-bit or longer keys. 2048-bit size is highly recommended for the best combination of security and performance.
    • Uses the RSA cryptographic algorithm. Azure AD currently supports only RSA.
    • Is signed with the SHA256 hash algorithm. Azure AD also supports certificates signed with SHA384 and SHA512 hash algorithms.

    Take a look at Create and export your public certificate and Generating self-signed certificates for instructions on how to create a self-signed cert. You can also use the former to create a certificate signing request that can be sent to a CA.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.

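As an added example (not code from the answer or the original post), the following POSIX shell script uses openssl to generate a self-signed development certificate that meets the three requirements listed in the answer (RSA, 2048-bit key, SHA-256 signature), exports the public .crt for upload under "Certificates & secrets" plus a .pfx holding the private key for the web app, and checks any .crt against those requirements before upload. The subject name, file names, validity period and PFX password are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: self-signed dev certificate for an
# Azure AD app registration, plus a check against the answer's requirements.
set -eu

# Generate an RSA-2048 key and a SHA-256 self-signed certificate (subject name,
# file names and validity period are assumptions for this example).
make_dev_cert() {
    dir="$1"
    mkdir -p "$dir"
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 \
        -subj "/CN=dev-azuread-app" \
        -keyout "$dir/app.key" -out "$dir/app.crt" >/dev/null 2>&1
    # app.crt (public part only) is what gets uploaded in the portal; the .pfx
    # bundles the private key for the web app and stays on the server side.
    openssl pkcs12 -export -inkey "$dir/app.key" -in "$dir/app.crt" \
        -out "$dir/app.pfx" -passout pass:changeit >/dev/null 2>&1
}

# Check a .crt against the requirements: RSA key, at least 2048 bits, signature
# hash SHA-256/384/512. Returns 1 with a reason on the first failed check.
check_cert_requirements() {
    crt="$1"
    text=$(openssl x509 -in "$crt" -noout -text)
    case "$text" in
        *"Public Key Algorithm: rsaEncryption"*) ;;
        *) echo "key algorithm is not RSA"; return 1 ;;
    esac
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    [ "${bits:-0}" -ge 2048 ] || { echo "key too short: ${bits:-unknown} bits"; return 1; }
    case "$text" in
        *"Signature Algorithm: sha256WithRSAEncryption"*) ;;
        *"Signature Algorithm: sha384WithRSAEncryption"*) ;;
        *"Signature Algorithm: sha512WithRSAEncryption"*) ;;
        *) echo "signature hash is not SHA-256/384/512"; return 1 ;;
    esac
    # The SHA-1 thumbprint is what the portal displays after upload; compare it
    # to confirm the right file was uploaded.
    openssl x509 -in "$crt" -noout -fingerprint -sha1
}
```

Run `make_dev_cert ./certs` and then `check_cert_requirements ./certs/app.crt`; a passing check prints only the thumbprint, a failing one prints the reason and exits non-zero.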