Client Application loading Certificate for Identification

Warwick Foster 41 Reputation points

How does a new client load a certificate for identification?

I am trying to set up a client application to get authorised against certificate. I think I have been misunderstanding to role of the Certificates section of the Azure Application Certificate and Secrets blade.

Just to set a context:

  1. I have the Root Certificate installed on the Azure AD using the New-AzureADTrustedCertificateAuthority function.
  2. I have a Server Application definition set with API permissions set
  3. I have a Client Application with rights to that Server Application set and approval granted.
  4. On the Client Application I have loaded manually the Client Certificate for testing
  5. From the Server Application Web API running locally I am calling the Tenant Id and Server Id
  6. From the Client Console App I am sending the Client Certificate

The API has no UI.

I can create a new User and Application for a new Client.

How does the Client login and load up their client certificate for future Machine to Machine authentication?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,454 questions
0 comments No comments
{count} votes

Accepted answer
  1. 2020-11-30T19:04:38.26+00:00

    Hello anonymous user, assuming you're talking about Azure AD registered applications then you need to upload the certificate in the Azure AD app registration created for your Server application. For how to load it into your client application token request take a look to Assertion format. Unless you meet the following pre-requisites there's not point using certificate based authentication.

    Please let me know if you need more help. If the answer was helpful to you, please accept it and optionally fill the feedback form it so that other members in the community can benefit from it.

1 additional answer

Sort by: Most helpful
  1. Warwick Foster 41 Reputation points

    HI Alfredo I am still unsure of the process for the client application. I can see that if the Client has access to the application in Azure that they can add the certifciate. I did this successfuly when I gace the guest role Application administrator. But then they could see all of the other clients through navigation.

    I want to enable to client to upload their certificiate into their Ad Application definition securly without seeing everyone else.