Hello @Stuart,
Thank you for posting your query on Microsoft Q&A.
Based on your description, I see you are looking to purchase a certificate to connect with your SAML application in Azure AD B2C tenant instead of self-signed certificates. You can purchase a signed certificate from a reputable Certificate Authority (CA) such as DigiCert, GlobalSign, or Comodo. As you are looking to use the certificate for SAML message signing, you will need to purchase a certificate that supports digital signatures. You need to export your SSL cert as a .pfx file. The structure of an X.509 v3 digital certificate is as follows:
- Certificate
  - Version Number
  - Serial Number
  - Signature Algorithm ID
  - Issuer Name
  - Validity period
    - Not Before
    - Not After
  - Subject name
  - Subject Public Key Info
    - Public Key Algorithm
    - Subject Public Key
  - Issuer Unique Identifier (optional)
  - Subject Unique Identifier (optional)
  - Extensions (optional)
- Certificate Signature Algorithm
- Certificate Signature
Once you have obtained the certificate, you can upload it to Azure AD B2C by following these steps:
- Sign in to the Azure portal.
- If you have access to multiple tenants, select the Settings icon in the top menu to switch to your Azure AD B2C tenant from the Directories + subscriptions menu.
- Select All services in the upper-left corner of the Azure portal, and then search for and select Azure AD B2C.
- On the Overview page, select Identity Experience Framework.
- Select Policy Keys, and then select Add.
- For Options, select Upload.
- For Name, enter a name for the policy key. For example, enter SamlIdpCert. The prefix B2C_1A_ is added automatically to the name of your key.
- Browse to and select your certificate .pfx file with the private key.
- Select Create.
If your certificate comes on a USB pen or CD and requires its own software, you will need to follow the instructions provided by the CA to install the certificate on your machine. Once the certificate is installed, you can export it as a .pfx file and upload it to Azure AD B2C as described above.
Ref: https://learn.microsoft.com/en-us/azure/active-directory-b2c/saml-service-provider?tabs=windows&pivots=b2c-custom-policy
https://en.wikipedia.org/wiki/X.509
I hope this information is helpful. Please feel free to reach out if you have any further questions.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Thanks,
Raja Pothuraju.
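An added example, not from this answer or from Microsoft, of the two checks a practitioner would want before the upload step above: that the certificate's Key Usage extension allows digital signatures (required for SAML message signing), and that the exported .pfx really carries the private key. It assumes openssl 1.1.1 or newer is on PATH and uses throwaway self-signed certificates as constructed fixtures so it runs offline; with a purchased certificate, point it at the CA-issued files instead.

```shell
#!/bin/sh
# Added example, not part of the Q&A answer above or any Microsoft code.
# Checks that a certificate carries the Digital Signature key usage that
# SAML message signing needs, then bundles certificate and private key
# into the .pfx that the Azure AD B2C Policy Keys "Upload" option takes.
# Assumes openssl 1.1.1 or newer is on PATH.
set -eu
WORK="${TMPDIR:-/tmp}/b2c-saml-$$"
mkdir -p "$WORK"

# Summarise the fields from the X.509 structure listed in the answer.
describe_cert() {
    openssl x509 -in "$1" -noout -serial -issuer -subject -dates -ext keyUsage
}

# Returns 0 only if the Key Usage extension includes Digital Signature.
cert_supports_signing() {
    openssl x509 -in "$1" -noout -ext keyUsage 2>/dev/null \
        | grep -q 'Digital Signature'
}

# Exports cert + key into a password-protected PKCS#12 (.pfx) file.
# $1 cert PEM, $2 key PEM, $3 output .pfx, $4 export password
export_pfx() {
    openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -passout "pass:$4"
}

# Returns 0 if the .pfx actually contains a private key (B2C needs it).
pfx_has_private_key() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null \
        | grep -q 'PRIVATE KEY'
}

# Constructed fixtures: throwaway self-signed certs so this runs offline.
# In real use, "$WORK/signing.crt" is the CA-issued certificate.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=b2c-saml-demo" \
    -addext "keyUsage=critical,digitalSignature" \
    -keyout "$WORK/signing.key" -out "$WORK/signing.crt" 2>/dev/null
# A cert limited to key encipherment, to show the check rejecting it.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=enc-only" \
    -addext "keyUsage=critical,keyEncipherment" \
    -keyout "$WORK/enc.key" -out "$WORK/enc.crt" 2>/dev/null

describe_cert "$WORK/signing.crt"
if cert_supports_signing "$WORK/signing.crt"; then
    export_pfx "$WORK/signing.crt" "$WORK/signing.key" "$WORK/signing.pfx" 'demo-pass'
    echo "exported $WORK/signing.pfx"
fi
cert_supports_signing "$WORK/enc.crt" || echo "enc-only cert cannot sign SAML messages"
```

The resulting signing.pfx is what the Browse step in the Policy Keys dialog expects; the enc-only certificate is rejected by the check even though it is otherwise valid.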