
App certificates

The Entra ID App requires a certificate and client secret for authentication. This section documents steps to create the certificate and secret.

Before you start

Prerequisite stages

Confirm the following stages have been completed:

Parameters

The following values from the parameters workbook are required:

  • {Entra-App-Cert-Name}

Permission required

Use an account with the following permissions:

  • Global Administrator

App certificates & secrets

Generate certificate

Run the following PowerShell script to generate a certificate for SharePoint authentication.

The script will output two files.

  • Certificate file (.cer file)
  • Private key value encoded as a Base64 string (.txt file)

Note

IMPORTANT: The variables at the top of the script must be updated before proceeding.

  • $CertName: populate with {Entra-App-Cert-Name} for the instance
  • $ValidYears: populate with the number of years until expiration
  • $OutputDir: populate with the output directory where the .cer file and private key .txt file should be written
    • by default, the files are created in the directory where the script is run

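# Requires the PnP.PowerShell module (provides New-PnPAzureCertificate).
# Update these three variables before running.
$CertName = ""
$ValidYears = 10
$OutputDir = ".\"

# Output paths for the private key (.txt) and the certificate (.cer)
$OutputKey = Join-Path $OutputDir "$CertName.txt"
$OutputCert = Join-Path $OutputDir "$CertName.cer"

# Generate the self-signed certificate and write the public .cer file
$Certificate = New-PnPAzureCertificate `
    -CommonName $CertName `
    -ValidYears $ValidYears `
    -OutCert $OutputCert

# Write the Base64-encoded PFX, which contains the private key, to the .txt file
$privateKeyBase64 = $Certificate.PfxBase64
$privateKeyBase64 | Out-File -FilePath $OutputKey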

Retain files

The output files should be retained for later steps.

  • Certificate file (.cer file)
  • Private key value encoded as a Base64 string (.txt file) {Entra-App-PrivateKey}
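
Before uploading the .cer file or sending the private key, the two output files can be checked against each other. The following is an added example, not part of the original procedure or Pro-Sapien's own code. It assumes $CertName and $OutputDir are still set as in the generation script, that no certificate password was supplied (so the PFX opens with an empty password), and that it runs on Windows.

```powershell
# Added example: verify the generated files, then lock down the private key file.
$KeyPath  = Join-Path $OutputDir "$CertName.txt"
$CertPath = (Resolve-Path (Join-Path $OutputDir "$CertName.cer")).ProviderPath

$X509  = [System.Security.Cryptography.X509Certificates.X509Certificate2]
$Flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]

# Decode the Base64 PFX. EphemeralKeySet keeps the private key in memory only,
# so this check does not leave a copy in the on-disk key store.
$pfxBytes = [Convert]::FromBase64String((Get-Content -Path $KeyPath -Raw).Trim())
$pfx = $X509::new($pfxBytes, '', $Flags::EphemeralKeySet)
$cer = $X509::new($CertPath)

try {
    $problems = @()
    if (-not $pfx.HasPrivateKey) {
        $problems += 'The .txt file does not contain a private key.'
    }
    if ($cer.HasPrivateKey) {
        $problems += 'The .cer file contains a private key and must not be uploaded.'
    }
    if ($pfx.Thumbprint -ne $cer.Thumbprint) {
        $problems += 'The .txt and .cer files belong to different certificates.'
    }
    if ($cer.NotAfter -le (Get-Date)) {
        $problems += 'The certificate has already expired.'
    }
    if ($problems) { throw ($problems -join ' ') }

    # Record these values; the thumbprint identifies the certificate after upload.
    [pscustomobject]@{
        Subject    = $cer.Subject
        Thumbprint = $cer.Thumbprint
        NotAfter   = $cer.NotAfter
    }
}
finally {
    $pfx.Dispose()
    $cer.Dispose()
}

# The .txt file holds an unencrypted private key: remove inherited permissions
# and leave read access for the current user only.
icacls $KeyPath /inheritance:r /grant:r "${env:USERDOMAIN}\${env:USERNAME}:(R)" | Out-Null
```

After the upload step, the thumbprint listed on the Certificates tab should match the value printed here.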


Upload certificate

  1. Navigate to the Certificates & secrets page
  2. Click on Certificates tab
  3. Click on Upload Certificate


  4. File: select the .cer file generated in the previous step
  5. Description: provide a Description e.g. "Pro-Sapien UAT certificate."
  6. Click Add


Before you finish

The following details should be sent to Pro-Sapien by secure transmission:

  • {Entra-App-PrivateKey}

The .cer file is not required by Pro-Sapien; however, it should be retained for backup purposes.