Creating a self-signed certificate

To authenticate Infor Public Sector (IPS) to SharePoint with the OAuth2 client credentials flow, the app registration needs a certificate credential, so you must create a self-signed certificate. A self-signed certificate is sufficient here because Azure AD trusts the specific public key you upload to the app registration rather than a certificate chain; the matching private key (the .pfx file) is what proves the application's identity when IPS requests a token.

Before creating the certificate, you must create an Azure AD (AAD) app registration.

See AAD app registration.

After you have created the app registration, follow these steps to add the certificate:

  1. Assign SharePoint permissions to the AAD app registration.
  2. Create a certificate.
  3. Upload the certificate to the AAD app registration.

Assign permissions to the app registration

Specific SharePoint permissions must be assigned to the app registration. This cannot be done in the Azure portal; use this PnP PowerShell script:

$SiteURL = "https://<YourTenant>.sharepoint.com/sites/IPS"
$AppID = "application ID"
# Found in the Azure App Registration (called Application (client) ID;
# this is the ID of the IPS app registration).
$TenantID = "tenant ID"
# Found in the Azure App Registration (called Directory (tenant) ID).
# Not used by the interactive sign-in below, but IPS and any certificate-based
# (app-only) connection need it.
$DisplayName = "IPS" # Display name of the app registration in Azure
$PnPClientID = "PnP client ID"
# Application (client) ID of the app registration that PnP PowerShell itself
# signs in with. This is NOT the Directory (tenant) ID; see the note below.

# Interactive sign-in as a Site Collection Admin of the target site
Connect-PnPOnline -Url $SiteURL -Interactive -ClientId $PnPClientID

# Grant the IPS app registration site-scoped Write access to this site only
Grant-PnPAzureADAppSitePermission -AppId $AppID -DisplayName $DisplayName -Site $SiteURL -Permissions Write

You must be a Site Collection Admin of the target SharePoint site to run the script.

The -ClientId parameter identifies the Azure AD app registration that PnP PowerShell itself signs in with for the interactive connection. It is an Application (client) ID, not the Directory (tenant) ID, and it is specific to your tenant because PnP PowerShell no longer ships a shared multi-tenant app: you must register an app for PnP PowerShell in your tenant (or reuse an existing app registration in your tenant that has the delegated SharePoint permissions PnP PowerShell requires) and pass its client ID here. Passing the tenant ID fails because no application with that ID exists.

Grant-PnPAzureADAppSitePermission grants access to this one site under the Sites.Selected permission model, so the IPS app registration must also hold the Sites.Selected application permission with admin consent; without it the site grant is never honored. The script grants Write. Use the lowest level that covers what IPS does against the site (Read if it only reads), and do not grant Manage or FullControl.

See this link for more information.
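After running the script, confirm what the app registration was actually granted on the site and correct a grant that is broader than Write. This is an added example, not code from the original page or from Infor; it assumes the $SiteURL and $AppID values from the script above are still set in the session, and $PnPClientID (defined here as a placeholder) is the client ID of the app registration PnP PowerShell signs in with.

```powershell
# Added example (not from the original page or Infor): check the site grant for the
# IPS app registration and enforce the Write level the procedure calls for.
# Assumes $SiteURL and $AppID from the permission script are set in this session.
$PnPClientID = "PnP client ID"   # Assumption: client ID PnP PowerShell signs in with (not the tenant ID)

Connect-PnPOnline -Url $SiteURL -Interactive -ClientId $PnPClientID

# Every Sites.Selected grant on this site that belongs to the IPS app registration
$grants = Get-PnPAzureADAppSitePermission -Site $SiteURL -AppIdentity $AppID
if (-not $grants) {
    throw "No site permission found for app $AppID on $SiteURL; run Grant-PnPAzureADAppSitePermission."
}
$grants | Select-Object Id, Roles, Apps | Format-List

# Reduce any grant that carries more than the app needs (roles are returned as lower-case strings)
foreach ($grant in $grants) {
    $tooBroad = $grant.Roles | Where-Object { $_ -in @('manage', 'fullcontrol') }
    if ($tooBroad) {
        Write-Warning "Grant $($grant.Id) gives '$($tooBroad -join ', ')' to $AppID; reducing it to Write."
        Set-PnPAzureADAppSitePermission -Site $SiteURL -PermissionId $grant.Id -Permissions Write
    }
}

# Final state
Get-PnPAzureADAppSitePermission -Site $SiteURL -AppIdentity $AppID | Select-Object Id, Roles
```

If the app was granted on more than one site by mistake, run the same check against each site URL; a grant on a site IPS does not use can be removed with Revoke-PnPAzureADAppSitePermission -PermissionId.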

Create the certificate

Use this script in PowerShell to create the certificate and export it to a .cer and .pfx file.

$passwordString = "{C=R}pqf@p)%TrYu"   # Replace with your own password; do not keep this example value
$dnsName = "Specify the host name or domain name"
$certificateName = "Specify a name for the certificate"
$tempFolder = "c:\temp\"

$tempFolder = $tempFolder.TrimEnd('\')

$certFileName = $certificateName + ".cer"
$cerPath = Join-Path $tempFolder -ChildPath $certFileName

$pfxFileName = $certificateName + ".pfx"
$pfxPath = Join-Path $tempFolder -ChildPath $pfxFileName

# Create the key pair and certificate in the current user's personal store.
# The certificate is valid for one year by default; add -NotAfter to change that.
$cert = New-SelfSignedCertificate -DnsName $dnsName -CertStoreLocation Cert:\CurrentUser\My

# Public key only: this is the file you upload to the app registration
Export-Certificate -Cert $cert -FilePath $cerPath

# Public and private key, protected by the password: this is the file IPS uses
$password = ConvertTo-SecureString -String $passwordString -Force -AsPlainText
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $password

Use the $passwordString variable to set a unique password of your own; do not keep the example value. This password protects the private key in the .pfx file, and you will enter it in Infor Public Sector when you configure the authentication. Treat the .pfx file and the password as secrets: anyone holding both can act as the app against the site, so store them only where IPS reads them and never upload the .pfx file to Azure.

The $dnsName variable is required. It becomes the certificate's subject name and can be any host name or domain name you want; Azure AD does not validate it.

The $certificateName variable sets the file name of the .cer and .pfx files. The $cert variable holds the certificate object that the export cmdlets use; its Thumbprint property is the value Azure displays after you upload the .cer file.

New-SelfSignedCertificate creates a certificate that expires one year after creation unless you pass -NotAfter. Note the expiry date: once it passes, IPS can no longer authenticate until you create and upload a new certificate and update the .pfx file and password in IPS.

Upload the certificate to the app registration

To upload the .cer file that you exported from the script above, open the app registration in the Azure portal, select Certificates & secrets, and on the Certificates tab click Upload certificate and select the .cer file. Upload only the .cer file (the public key), never the .pfx file. After the upload, Azure lists the certificate with its thumbprint and expiry date; verify that the thumbprint matches the $cert.Thumbprint value from the script before configuring IPS.
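Once the certificate is uploaded and the site permission is granted, the whole chain can be checked from PowerShell by signing in exactly as IPS will: app-only, with the certificate and no user. This is an added example, not code from the original page or from Infor. It assumes the variables from both scripts on this page are still set in the session ($SiteURL, $AppID, $TenantID, $cerPath, $pfxPath, $password), and that the site has its default document library, Shared Documents (an assumption; adjust for your site).

```powershell
# Added example (not from the original page or Infor): verify the exported files, then
# authenticate to the site with the certificate alone (OAuth2 client credentials) and
# exercise the Write grant. Assumes $SiteURL, $AppID, $TenantID, $cerPath, $pfxPath and
# $password from the scripts on this page are set in this session.

# 1. Read the .pfx back and check what was created. The thumbprint must match the one
#    the Azure portal shows for the uploaded .cer file.
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $pfxPath, $password
$pfx | Select-Object Subject, Thumbprint, NotBefore, NotAfter | Format-List
if (-not $pfx.HasPrivateKey) { throw "$pfxPath contains no private key; re-run Export-PfxCertificate." }
if ($pfx.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "Certificate expires on $($pfx.NotAfter); plan to create and upload a new one."
}

# 2. The .cer file must carry the public key only, and be the same certificate as the .pfx.
$cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cerPath
if ($cer.HasPrivateKey) { throw "$cerPath contains a private key; only the .pfx file should." }
if ($cer.Thumbprint -ne $pfx.Thumbprint) { throw ".cer and .pfx are different certificates." }

# 3. App-only sign-in with the certificate. Nobody is prompted: success means the .cer is
#    registered on the app registration and the Sites.Selected grant on this site exists.
Disconnect-PnPOnline -ErrorAction SilentlyContinue
Connect-PnPOnline -Url $SiteURL -ClientId $AppID -Tenant $TenantID `
    -CertificatePath $pfxPath -CertificatePassword $password
$web = Get-PnPWeb
"Connected as the app to '$($web.Title)' ($($web.Url))"

# 4. Exercise the Write grant with a throw-away file in the default library, then remove it.
#    "Shared Documents" is an assumption about the site; change it if the library differs.
$probeName = "ips-connectivity-check-$([guid]::NewGuid()).txt"
$probePath = Join-Path $env:TEMP $probeName
Set-Content -Path $probePath -Value "IPS connectivity check $(Get-Date -Format o)"
Add-PnPFile -Path $probePath -Folder "Shared Documents" | Out-Null
Remove-PnPFile -SiteRelativeUrl "Shared Documents/$probeName" -Force
Remove-Item $probePath
"Write access confirmed; probe file removed."
```

A failure at step 3 with an invalid client or credential error usually means the .cer was uploaded to the wrong app registration or the thumbprint in Azure does not match the .pfx; an access denied error after a successful token request points at the site grant, which the permission script and its check cover. Run this from a machine that is not the IPS server so the .pfx is only ever copied where it is needed.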