How to connect SharePoint online using certificate?

Question

How to connect SharePoint online using certificate?

Khushboo Kumari 107

Hi

I want to execute my code using azure runbook. I am trying to connect the SharePoint using below command

$application = ""

$certificateThumbprint = ""

Connect-PnPOnline -ClientId $application -Thumbprint $certificateThumbprint -Url "https://testmig097.sharepoint.com/sites/site2" -Tenant "testmig097.onmicrosoft.com"

but getting error like this User's image

User's image

How to resolve it? and is there any other method to connect SharePoint in azure runbook?

RaytheonXie_MSFT 40,471 Reputation points Microsoft External Staff

2023-06-28T08:43:09.1633333+00:00
Hi @Khushboo Kumari,

You can refer to the following script to connect sharepoint online

workflow Get-SPUrl { [OutputType([string])] Param([string] $SiteUrl) Connect-PnPOnline -ClientId cb5d965a-1ccc-4e0e-8f08-d374e1e8fa46 -Url $SiteUrl -Tenant "PieterVeenstraMVP.onmicrosoft.com" -Thumbprint A88CE1075F97003AF4303B3B7F3683ABFE3B9466 $Web = Get-PnPWeb $Title = $Web.Title Write-Output $Title }

Please check the steps in the article

https://sharepains.com/2021/07/09/pnp-powershell-azure-automation-accounts/

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Khushboo Kumari 107 Reputation points

2023-06-28T11:34:19.54+00:00

Hi,

I am getting this error during we execute the script.
Limitless Technology 44,751 Reputation points

2023-06-28T14:10:48.4966667+00:00

Hello there,

To connect to SharePoint Online using a certificate, you can follow these steps:

Obtain or create a client certificate: First, you need to obtain or create a client certificate that will be used for authentication. You can either acquire a certificate from a trusted certificate authority (CA) or generate a self-signed certificate.

Import the certificate: Import the client certificate into the local certificate store of the machine from which you'll be connecting to SharePoint Online. You can use tools like the Microsoft Management Console (MMC) or PowerShell to import the certificate.

Grant permissions to the certificate: In SharePoint Online, you need to grant permissions to the client certificate to allow it to authenticate.

I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.

Hope this resolves your Query !!

--If the reply is helpful, please Upvote and Accept it as an answer--
Khushboo Kumari 107 Reputation points

2023-06-28T17:00:27.6366667+00:00

Hi,

thanks for the response. I want to execute the code in azure automation runbook not in local PowerShell. So how can we do in runbook.
AnuragSingh-MSFT 21,546 Reputation points Moderator

2023-07-03T05:01:46.7733333+00:00

@Khushboo Kumari , Following-up to check if you had a chance to review my answer.

If the answer did not help, please add more context/follow-up question for it, and we will help you out. Else, if the answer helped, please click Accept answer so that it can help others in the community looking for help on similar topics.

1 answer

Your answer

RaytheonXie_MSFT 40,471 Reputation points Microsoft External Staff

2023-06-28T08:43:09.1633333+00:00

Hi @Khushboo Kumari,

You can refer to the following script to connect sharepoint online

workflow Get-SPUrl { [OutputType([string])] Param([string] $SiteUrl) Connect-PnPOnline -ClientId cb5d965a-1ccc-4e0e-8f08-d374e1e8fa46 -Url $SiteUrl -Tenant "PieterVeenstraMVP.onmicrosoft.com" -Thumbprint A88CE1075F97003AF4303B3B7F3683ABFE3B9466 $Web = Get-PnPWeb $Title = $Web.Title Write-Output $Title }

Please check the steps in the article

https://sharepains.com/2021/07/09/pnp-powershell-azure-automation-accounts/

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Khushboo Kumari 107 Reputation points

2023-06-28T11:34:19.54+00:00

Hi,

I am getting this error during we execute the script.
Limitless Technology 44,751 Reputation points

2023-06-28T14:10:48.4966667+00:00

Hello there,

To connect to SharePoint Online using a certificate, you can follow these steps:

Obtain or create a client certificate: First, you need to obtain or create a client certificate that will be used for authentication. You can either acquire a certificate from a trusted certificate authority (CA) or generate a self-signed certificate.

Import the certificate: Import the client certificate into the local certificate store of the machine from which you'll be connecting to SharePoint Online. You can use tools like the Microsoft Management Console (MMC) or PowerShell to import the certificate.

Grant permissions to the certificate: In SharePoint Online, you need to grant permissions to the client certificate to allow it to authenticate.

I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.

Hope this resolves your Query !!

--If the reply is helpful, please Upvote and Accept it as an answer--
Khushboo Kumari 107 Reputation points

2023-06-28T17:00:27.6366667+00:00

Hi,

thanks for the response. I want to execute the code in azure automation runbook not in local PowerShell. So how can we do in runbook.
AnuragSingh-MSFT 21,546 Reputation points Moderator

2023-07-03T05:01:46.7733333+00:00

@Khushboo Kumari , Following-up to check if you had a chance to review my answer.

If the answer did not help, please add more context/follow-up question for it, and we will help you out. Else, if the answer helped, please click Accept answer so that it can help others in the community looking for help on similar topics.

Answer 1

@Khushboo Kumari , thank you for posting this question here. I see that you are getting the "Keyset does not exist" error, when trying to connect to SharePoint online using the Connect-PnPOnline cmdlet.

Generally, this error specifically points to the following 2 issues:

The certificate used/uploaded does not have private key associated with it. OR
That the user account (which is executing the runbook, in this case the Azure Automation job account) does not have access to the certificate.

Since the issue is happening in Azure Automation, you cannot do much about the 2nd point mentioned above. Therefore, please ensure that the certificate (whose thumbprint is being used in the cmdlet, does have a private ket associated with it).

Please follow the step mentioned below, to ensure that correct type of certificate has been created and it is uploaded to AppRegistration with the private key with it - Granting access via Azure AD App-Only.

If your sharepoint and Azure Automation account are in the same tenant, you can also use Managed Identity to connect to Sharepoint online from Azure Automation. This is much cleaner and does not require certificate based authentication. For details, see Authentication in Azure Automation with Managed Identity on SharePoint and Microsoft Graph

Also, see the guidelines from the official PnP repository: Connect to the SharePoint Online using Application Permissions

Hope this helps.

Petr Sors (DHL IT Services), external 1 Reputation point

2025-05-21T17:02:05.1633333+00:00

I confirm the point 2. helped me. Cert must be imported to any user's Personal store who is running the Connect-PnPOnline cmdlet.

Share via

How to connect SharePoint online using certificate?

1 answer

Your answer