Associate a certificate with the Entra app ID for BEMS
Entra
app ID for BEMS
You can use an existing certificate from your CA server or the New-SelfSignedCertificate command to create a self-signed certificate. For more information, visit docs.microsoft.com and read New-SelfSignedCertificate.
Verify that you have the app name you assigned in
BEMS
with certificate-based authentication.- If you have a certificate issued by a CA server, go to step 2. Create a self-signed certificate.
- On the computer runningMicrosoft Windows, open theWindows PowerShell.
- Enter the following command:$cert=New-SelfSignedCertificate -Subject "CN=<.app name>" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec SignatureWhere <app name> is the name you assigned the app in step 5 of Obtain an Azure app ID for BEMS with certificate-based authentication.
- PressEnter.
- Export the certificate from the Certificate Manager. This creates the public certificate. Make sure to save the public certificate as a .CER or .PEM.
- On the computer runningWindows, open the Certificate Manager for the logged in user.
- ExpandPersonal.
- ClickCertificates.
- Right-click the <user>@<domain> and clickAll Tasks > Export.
- In theCertificate Export Wizard, clickNo, do not export private key..
- ClickNext.
- SelectBase-64 encoded X.509 (.CER). ClickNext.
- Provide a name for the certificate and save it to your desktop.
- ClickNext.
- ClickFinish.
- ClickOK.
- Upload the public certificate to associate the certificate credentials with theEntraapp ID forBEMS.
- In portal.azure.com, open the <app name> you assigned the app in step 5 of Obtain an Azure app ID for BEMS with certificate-based authentication.
- ClickSettings > Keys.
- ClickUpload Public Key.
- Click and navigate to the location where you exported the certificate in step 2.
- ClickOpen.
- ClickSave.
Export the certificate in .pfx format using the Manage User Certificate MMC snap-in. Make sure to include the private key. For instructions, visit docs.microsoft.com and read Export a Certificate with the Private Key.