Associate a certificate with the Azure app ID for UEM
Azure
app ID for UEMYou can request and export a new client certificate from your CA server or use a self-signed certificate. The private key must be in .pfx format. The public key can be exported as a .cer or .pem file to upload to
Microsoft
Azure
.- Complete one of the following tasks:CertificateTaskIf you are using an existing CA server
- Request the certificate. The certificate that you request must include the app name in the subject of the certificate. Where <app name> is the name you assigned the app in step 4 of Add an app and obtain Azure details for configuring modern authentication.
- Export the public key of the certificate as a .cer or .pem file. The public key is used for theAzureapp ID that is created.
- Export the private key of the certificate as a .pfx file.
If you are using a self-signed certificate- Create a self-signed certificate using the New-SelfSignedCertificate command. For more information, visit docs.microsoft.com and read New-SelfSignedCertificate.
- On the computer runningMicrosoft Windows, open theWindows PowerShell.
- Enter the following command:$cert=New-SelfSignedCertificate -Subject "CN=<. Where <app name>" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signatureapp name> is the name you assigned the app in step step 4 of Add an app and obtain Azure details for configuring modern authentication. The certificate that you request must include theAzureapp name in the subject field.
- PressEnter.
- Export the public key from theMicrosoftManagement Console (MMC). Make sure to save the public certificate as a .cer or .pem file. The public key is used for theAzureapp ID that is created.
- On the computer runningWindows, open the Certificate Manager for the logged in user.
- ExpandPersonal.
- ClickCertificates.
- Right-click the <user>@<domain> and clickAll Tasks > Export.
- In theCertificate Export Wizard, clickNo, do not export private key.
- ClickNext.
- SelectBase-64 encoded X.509 (.cer). ClickNext.
- Provide a name for the certificate and save it to your desktop.
- ClickNext.
- ClickFinish.
- ClickOK.
- Export the private key from theMicrosoftManagement Console (MMC). Make sure to include the private key and save it as a .pfx file. For instructions, visitdocs.microsoft.com and read Export a Certificate with the Private Key.
- On the computer runningWindows, open the Certificate Manager for the logged in user.
- ExpandPersonal.
- ClickCertificates.
- Right-click the <user>@<domain> and clickAll Tasks > Export.
- In theCertificate Export Wizard, clickYes, export private key.
- ClickNext.
- SelectPersonal Information Exchange – PKCS #12 (.pfx). ClickNext.
- Select the security method.
- Provide a name for the certificate and save it to your desktop.
- ClickNext.
- ClickFinish.
- ClickOK.
- Upload the public certificate (.pem or .cer file) that you exported in step 1 to associate the certificate credentials with theAzureapp ID for UEM.
- In portal.azure.com, open the <app name> you assigned the app in step 4 of Add an app and obtain Azure details for configuring modern authentication.
- ClickCertificates & secrets.
- In theCertificatessection, clickUpload certificate.
- In theSelect a filesearch field, navigate to the location where you exported the certificate.
- ClickAdd.