Skip Navigation

Associate a certificate with the
Entra
app ID for
BEMS

You can use an existing certificate from your CA server or the New-SelfSignedCertificate command to create a self-signed certificate. For more information, visit docs.microsoft.com and read New-SelfSignedCertificate.
Verify that you have the app name you assigned in
BEMS
with certificate-based authentication.
  1. If you have a certificate issued by a CA server, go to step 2. Create a self-signed certificate.
    1. On the computer running
      Microsoft Windows
      , open the
      Windows PowerShell
      .
    2. Enter the following command:
      $cert=New-SelfSignedCertificate -Subject "CN=<
      app name
      >" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature
      .
      Where <
      app name
      > is the name you assigned the app in step 5 of Obtain an Azure app ID for BEMS with certificate-based authentication.
    3. Press
      Enter
      .
  2. Export the certificate from the Certificate Manager. This creates the public certificate. Make sure to save the public certificate as a .CER or .PEM.
    1. On the computer running
      Windows
      , open the Certificate Manager for the logged in user.
    2. Expand
      Personal
      .
    3. Click
      Certificates
      .
    4. Right-click the <
      user
      >@<
      domain
      > and click
      All Tasks > Export
      .
    5. In the
      Certificate Export Wizard
      , click
      No, do not export private key.
      .
    6. Click
      Next
      .
    7. Select
      Base-64 encoded X.509 (.CER)
      . Click
      Next
      .
    8. Provide a name for the certificate and save it to your desktop.
    9. Click
      Next
      .
    10. Click
      Finish
      .
    11. Click
      OK
      .
  3. Upload the public certificate to associate the certificate credentials with the
    Entra
    app ID for
    BEMS
    .
    1. In portal.azure.com, open the <
      app name
      > you assigned the app in step 5 of Obtain an Azure app ID for BEMS with certificate-based authentication.
    2. Click
      Settings > Keys
      .
    3. Click
      Upload Public Key
      .
    4. Click Folder icon and navigate to the location where you exported the certificate in step 2.
    5. Click
      Open
      .
    6. Click
      Save
      .
Export the certificate in .pfx format using the Manage User Certificate MMC snap-in. Make sure to include the private key. For instructions, visit docs.microsoft.com and read Export a Certificate with the Private Key.