Manage custom certificates

When extending Power Pages functionality using a client-side API call with OAuth 2.0 implicit grant flow, it's best practice to use custom certificates to provide an additional level of security. You can upload your own custom certificates using the Power Platform admin center.


You cannot re-use the same custom certificate to set up a custom host name. See SSL Certificates.

Add new certificate

  1. Open the Power Platform admin center.

    1. Under Resources choose Power Pages sites.

    2. Select the site where you want to manage custom certificates. Select Manage from the main menu.


    1. In the Environments section, select the environment that contains the site for which you want to manage custom certificates.

    2. In the Resources area, choose Power Pages sites.

    3. Select the site where you want to manage custom certificates. Select Manage from the main menu.

  2. On the site information page, in the Security section, select Custom Certificates.

  3. Select + New to upload a new certificate.

  4. Select the upload button underneath File to select a .pfx certificate file. After selecting the file, enter the password for your SSL certificate in the Password field.

  5. Select OK to upload the certificate.


    The SSL certificate must meet all of the following requirements:

    • Signed by a trusted certificate authority
    • Exported as a password-protected PFX file
    • Contains a private key at least 2048 bits long
    • Contains all intermediate certificates in the certificate chain
    • Must be SHA2 enabled; SHA1 support is being removed from popular browsers
    • PFX file must be encrypted with TripleDES encryption; Power Pages doesn't support AES-256 encryption
    • Contains an Extended Key Usage for server authentication (OID =

    The steps to export an SSL certificate as a password-protected PFX file may vary depending on your certificate provider. Check with your certificate provider for recommendations. For example, certain providers may suggest using the third-party OpenSSL tool, available from the OpenSSL or OpenSSL Binaries sites.
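
As an added example (not part of the original documentation), the following shell functions export a PFX with TripleDES encryption using OpenSSL and check a PFX against the locally verifiable requirements listed above before upload. The function names, the `PFX_PASS` environment variable and the file arguments are assumptions; trust in the issuing certificate authority is not checked, and the intermediate-certificate check is only a count.

```shell
# Added example: export and pre-upload checks for a Power Pages custom certificate.
# The PFX password is read from the exported variable PFX_PASS (assumed name),
# so it never appears on a command line.

# Export with TripleDES for both key and certificate bags
# (OpenSSL 3 defaults to AES-256, which the page says is not supported).
export_pfx_3des() {  # args: key.pem cert.pem chain.pem out.pfx
    openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
        -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES \
        -passout env:PFX_PASS -out "$4"
}

# stdin: output of `openssl pkcs12 -info -noout`. Succeeds only when the key
# bag is TripleDES-encrypted and no bag is AES-encrypted.
pfx_encryption_ok() {
    info=$(cat)
    printf '%s\n' "$info" | grep -q 'Shrouded Keybag: .*TripleDES' &&
        ! printf '%s\n' "$info" | grep -Eq '(Shrouded Keybag|Encrypted data): .*AES'
}

# stdin: output of `openssl x509 -noout -text` for the site certificate.
# Prints one line per failed requirement; prints nothing when all pass.
cert_text_problems() {
    text=$(cat)
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    [ "${bits:-0}" -ge 2048 ] || echo "key shorter than 2048 bits"
    printf '%s\n' "$text" | grep -Eiq 'Signature Algorithm: .*sha(224|256|384|512)' ||
        echo "signature is not SHA-2"
    printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication' ||
        echo "no server authentication EKU"
}

# Runs the checks against a real PFX file; returns non-zero on any failure.
check_pfx() {
    pfx=$1 rc=0
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -info -noout 2>&1 |
        pfx_encryption_ok || { echo "PFX is not TripleDES-encrypted"; rc=1; }
    problems=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -clcerts -nokeys |
        openssl x509 -noout -text | cert_text_problems)
    [ -z "$problems" ] || { echo "$problems"; rc=1; }
    # Heuristic: more than one certificate means a chain was bundled.
    n=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nokeys |
        grep -c 'BEGIN CERTIFICATE' || true)
    [ "$n" -ge 2 ] || { echo "no intermediate certificates in bundle"; rc=1; }
    return $rc
}

# Usage: export PFX_PASS (set it without echoing it), then: check_pfx site.pfx
```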