Skip to content

active-directory-b2c-create-self-signed-certificate.md

Latest commit

 

History

History
55 lines (44 loc) · 3 KB

active-directory-b2c-create-self-signed-certificate.md

File metadata and controls

55 lines (44 loc) · 3 KB
author kengaderdus
ms.service active-directory-b2c
ms.subservice B2C
ms.topic include
ms.date 11/12/2021
ms.author kengaderdus

If you don't already have a certificate, you can use a self-signed certificate. A self-signed certificate is a security certificate that is not signed by a certificate authority (CA) and doesn't provide the security guarantees of a certificate signed by a CA.

Windows

On Windows, use the New-SelfSignedCertificate cmdlet in PowerShell to generate a certificate.

  1. Run the following PowerShell command to generate a self-signed certificate. Modify the -Subject argument as appropriate for your application and Azure AD B2C tenant name such as contosowebapp.contoso.onmicrosoft.com. You can also adjust the -NotAfter date to specify a different expiration for the certificate.

    New-SelfSignedCertificate `
    -KeyExportPolicy Exportable `
    -Subject "CN=yourappname.yourtenant.onmicrosoft.com" `
    -KeyAlgorithm RSA `
    -KeyLength 2048 `
    -KeyUsage DigitalSignature `
    -NotAfter (Get-Date).AddMonths(12) `
    -CertStoreLocation "Cert:\CurrentUser\My"

  2. On Windows computer, search for and select Manage user certificates

  3. Under Certificates - Current User, select Personal > Certificates>yourappname.yourtenant.onmicrosoft.com.

  4. Select the certificate, and then select Action > All Tasks > Export.

  5. Select Next > Yes, export the private key > Next.

  6. Accept the defaults for Export File Format, and then select Next.

  7. Enable Password option, enter a password for the certificate, and then select Next.

  8. To specify a location to save your certificate, select Browse and navigate to a directory of your choice.

  9. On the Save As window, enter a File name, and then select Save.

  10. Select Next>Finish.

For Azure AD B2C to accept the .pfx file password, the password must be encrypted with the TripleDES-SHA1 option in the Windows Certificate Store Export utility, as opposed to AES256-SHA256.

macOS

On macOS, use Certificate Assistant in Keychain Access to generate a certificate.

  1. Follow the instructions for how to create self-signed certificates in Keychain Access on a Mac.
  2. In the Keychain Access app on your Mac, select the certificate that you created.
  3. Select File > Export Items.
  4. Select a file name to save your certificate. For example: self-signed-certificate.p12.
  5. For File Format, select Personal Information Exchange (.p12).
  6. Select Save.
  7. Enter a password in the Password and Verify boxes.
  8. Replace the file extension to .pfx. For example: self-signed-certificate.pfx.