active-directory-b2c-create-self-signed-certificate.md

author: msmimart
ms.service: active-directory-b2c
ms.subservice: B2C
ms.topic: include
ms.date: 01/27/2021
ms.author: mimart

If you don't already have a certificate, you can use a self-signed certificate. A self-signed certificate is a security certificate that is not signed by a certificate authority (CA) and doesn't provide the security guarantees of a certificate signed by a CA.

On Windows, use PowerShell's New-SelfSignedCertificate cmdlet to generate a certificate.

  1. Execute this PowerShell command to generate a self-signed certificate. Modify the -Subject argument as appropriate for your application and Azure AD B2C tenant name. You can also adjust the -NotAfter date to specify a different expiration for the certificate.

    New-SelfSignedCertificate `
        -KeyExportPolicy Exportable `
        -Subject "CN=yourappname.yourtenant.onmicrosoft.com" `
        -KeyAlgorithm RSA `
        -KeyLength 2048 `
        -KeyUsage DigitalSignature `
        -NotAfter (Get-Date).AddMonths(12) `
        -CertStoreLocation "Cert:\CurrentUser\My"

  2. Open Manage user certificates > Current User > Personal > Certificates > yourappname.yourtenant.onmicrosoft.com.

  3. Select the certificate, and then select Action > All Tasks > Export.

  4. Select Yes > Next > Yes, export the private key > Next.

  5. Accept the defaults for Export File Format.

  6. Provide a password for the certificate.

For Azure AD B2C to accept the .pfx file password, the password must be encrypted with the TripleDES-SHA1 option in the Windows Certificate Store Export utility, as opposed to AES256-SHA256.
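The export in steps 2 through 6 can also be scripted. The following is an added example, not part of the original include: it assumes a Windows version whose PKI module provides the `-CryptoAlgorithmOption` parameter of `Export-PfxCertificate`, and the subject and output path are placeholders.

```powershell
# Added example. $subject must match the -Subject used with New-SelfSignedCertificate;
# $pfxPath is an assumed output location.
$subject = "CN=yourappname.yourtenant.onmicrosoft.com"
$pfxPath = Join-Path $env:USERPROFILE "yourappname.pfx"

# Pick the newest matching certificate from the CurrentUser\My store.
$cert = Get-ChildItem -Path "Cert:\CurrentUser\My" |
    Where-Object { $_.Subject -eq $subject } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1

# Fail early on the conditions that would produce an unusable .pfx.
if (-not $cert) {
    throw "No certificate with subject '$subject' in Cert:\CurrentUser\My."
}
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) has no private key to export."
}
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate $($cert.Thumbprint) expired on $($cert.NotAfter)."
}

# Prompt for the password so it never appears in the script or shell history.
$password = Read-Host -Prompt "Password for the .pfx file" -AsSecureString

# Export with the private key, explicitly selecting TripleDES-SHA1
# instead of AES256-SHA256, as the note above requires.
$exportArgs = @{
    Cert                  = $cert
    FilePath              = $pfxPath
    Password              = $password
    CryptoAlgorithmOption = "TripleDES_SHA1"
}
Export-PfxCertificate @exportArgs | Out-Null

# Read the file back with the same password and confirm it holds the same certificate.
$pfx = Get-PfxData -FilePath $pfxPath -Password $password
$exported = $pfx.EndEntityCertificates | Select-Object -First 1
if ($exported.Thumbprint -ne $cert.Thumbprint) {
    throw "Exported .pfx does not contain certificate $($cert.Thumbprint)."
}
Write-Output "Exported $($cert.Thumbprint) to $pfxPath (valid until $($cert.NotAfter))."
```

The resulting .pfx file contains the private key, so store it with restrictive file permissions and delete local copies once it has been uploaded.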

On macOS, use Certificate Assistant in Keychain Access to generate a certificate.

  1. Follow the instructions for how to create self-signed certificates in Keychain Access on Mac.
  2. In the Keychain Access app on your Mac, select the certificate you created.
  3. Choose File > Export Items.
  4. Select a file name to save your certificate. For example, self-signed-certificate.p12.
  5. For the File Format, select Personal Information Exchange (.p12).
  6. Select Save.
  7. Enter a Password, and then Verify the password.
  8. Change the file extension to .pfx. For example, self-signed-certificate.pfx.