Creating a self-signed certificate
Before creating the certificate, you must create an Azure AD (AAD) app registration.
See AAD app registration.
After you have created the app registration, follow these steps to add the certificate:
- Assign SharePoint permissions to the AAD app registration.
- Create a certificate.
- Upload the certificate to the AAD app registration.
Assign permissions to the app registration
Specific SharePoint permissions must be assigned to the app registration. This can only be done through PowerShell. Use this script:
$SiteURL = "https://<YourTenant>.sharepoint.com/sites/IPS"
$AppID = "application ID"
# Found in the Azure App Registration (called Application (client) ID;
# this is the ID for the app registration).
$TenantID = "tenant ID"
# Found in the Azure App Registration (called Directory (tenant) ID).
$DisplayName = "IPS" # Found in the Azure App Registration
Connect-PnPOnline -Url $SiteURL -Interactive -ClientId $TenantID
Grant-PnPAzureADAppSitePermission -AppId $AppID -DisplayName $DisplayName -Site $SiteURL -Permissions Write
You must be a Site Collection Admin of the target SharePoint site to run the script.
The -ClientID switch is unique to a tenant and is used for PnP PowerShell to run. This is also known as the Directory ID in the app registration in Azure.
Create the certificate
Use this script in PowerShell to create the certificate and export it to a .cer and .pfx file.
$passwordString = "{C=R}pqf@p)%TrYu"
$dnsName = "Specify the host name or domain name"
$certificateName = "Specify a name for the certificate"
$tempFolder = "c:\temp\"
$tempFolder = $tempFolder.TrimEnd('\')
$certFileName = $certificateName + ".cer"
$cerPath = Join-Path $tempFolder -ChildPath $certFileName
$pfxFileName = $certificateName + ".pfx"
$pfxPath = Join-Path $tempFolder -ChildPath $pfxFileName
$cert = New-SelfSignedCertificate -DnsName $dnsName -CertStoreLocation Cert:\CurrentUser\My
Export-Certificate -Cert $cert -FilePath $cerPath
$password = ConvertTo-SecureString -String $passwordString -Force -AsPlainText
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $password
Use the $passwordString variable to set a unique password. You will use this password for authentication in Infor Public Sector.
The $dnsName variable is required. It can be whatever hostname/domain name you want.
The $certificateName variable specifies the certificate name. This will be the filename of the .cer file.
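The following variant of the script above is an added example, not part of the original Infor script. It prompts for the .pfx password instead of storing it in the script, sets the key parameters and expiry explicitly, and checks the exported files before upload. The key size, hash algorithm and one-year lifetime are assumed values; the variable names are reused from the script above.

```powershell
# Added example: the key size, hash algorithm and lifetime below are assumptions.
$dnsName         = "Specify the host name or domain name"
$certificateName = "Specify a name for the certificate"
$tempFolder      = "c:\temp"
$cerPath = Join-Path $tempFolder -ChildPath ($certificateName + ".cer")
$pfxPath = Join-Path $tempFolder -ChildPath ($certificateName + ".pfx")

# Prompt for the .pfx password so it is never saved in the script file.
$password = Read-Host -Prompt "Password for the .pfx file" -AsSecureString

# State the key parameters and the expiry date instead of relying on defaults.
$cert = New-SelfSignedCertificate -DnsName $dnsName `
    -CertStoreLocation Cert:\CurrentUser\My `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -KeySpec Signature -KeyExportPolicy Exportable `
    -NotAfter (Get-Date).AddYears(1)

Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $password | Out-Null

# Reload both files from disk and check them before anything is uploaded.
$cer = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cerPath)
$pfx = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfxPath, $password)

# The .cer file goes to the app registration and must hold the public part only.
if ($cer.HasPrivateKey) { throw "The .cer file contains a private key. Do not upload it." }
# The .pfx file is what authenticates, so it must hold the private key.
if (-not $pfx.HasPrivateKey) { throw "The .pfx file has no private key." }
# Both files must describe the same certificate.
if ($cer.Thumbprint -ne $pfx.Thumbprint) { throw "The .cer and .pfx files do not match." }

# Values to record and to compare with the app registration after the upload.
[pscustomobject]@{
    Thumbprint         = $cer.Thumbprint
    Subject            = $cer.Subject
    SignatureAlgorithm = $cer.SignatureAlgorithm.FriendlyName
    NotAfter           = $cer.NotAfter
}
```

After the upload, the thumbprint shown for the certificate in the app registration should equal the Thumbprint value printed here. The .pfx file holds the private key, so move it out of the temporary folder once it has been configured.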
Upload the certificate to the app registration
To upload the .cer file that you exported from the script above to the app registration, select the Certificates tab in Azure AD. Click and select the .cer file.