Generating Self Signed Certificate
These steps shows how you can generate a self signed certificate for authorization purposes on Azure Entra Apps.
- Generate a Private Key
openssl genrsa -out key.pem 2048This creates a 2048-bit RSA private key saved as key.pem.
2. Generate a Certificate Signing Request (CSR)
openssl req -new -key key.pem -out cert.csr
You'll be prompted to enter details like:
- Country Name
- State/Province
- Locality
- Organization Name
- Common Name (use
localhostor your domain) - Email Address
3. Generate a Self-Signed Certificate - selef signed certificate in base64 encoding
openssl x509 -req -days 365 -in cert.csr -signkey key.pem -out cert.pem
This creates a certificate valid for 1 year (365 days) using the private key.
4. (Optional) Convert to PFX Format : Private Key + certificate + key chain
If you need a .pfx file (e.g., for Windows or SharePoint integration):
openssl pkcs12 -export -out certificate.pfx -inkey key.pem -in cert.pem
You’ll be prompted to set a password for the .pfx.
5. Binary Format Public Certificate (Optional) - actual public certificate in binary certificate
You upload the public certificate (not the private key) to the App Registration:
openssl x509 -outform der -in cert.pem -out cert.cer