Associate a certificate with the Entra app ID of UEM for modern authentication
You can request and export a new client certificate from your CA server or use a self-signed certificate. The private key must be in .pfx format. The public key can be exported as a .cer or .pem file to upload to Microsoft Entra ID.
- Complete one of the following tasks:
  If you are using an existing CA server:
  - Request the certificate. The certificate that you request must include the app name in the subject of the certificate, where <app name> is the name you assigned the app in step 4 of Add an Entra app and obtain its Entra details for configuring modern authentication.
  - Export the public key of the certificate as a .cer or .pem file. The public key is used for the Entra app ID that is created.
  - Export the private key of the certificate as a .pfx file.
  If you are using a self-signed certificate:
  - Create a self-signed certificate using the New-SelfSignedCertificate command. For more information, see Microsoft Learn: New-SelfSignedCertificate.
    - On the computer running Microsoft Windows, open Windows PowerShell.
    - Enter the following command:
      $cert=New-SelfSignedCertificate -Subject "CN=<app name>" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature
      Where <app name> is the name you assigned the app in step 4 of Add an Entra app and obtain its Entra details for configuring modern authentication. The certificate that you request must include the Entra app name in the subject field.
    - Press Enter.
  - Export the public key from the Microsoft Management Console (MMC). Make sure to save the public certificate as a .cer or .pem file. The public key is used for the Entra app ID that is created.
    - On the computer running Windows, open the Certificate Manager for the logged-in user.
    - Expand Personal.
    - Click Certificates.
    - Right-click the <user>@<domain> and click All Tasks > Export.
    - In the Certificate Export Wizard, click No, do not export private key.
    - Click Next.
    - Select Base-64 encoded X.509 (.cer). Click Next.
    - Provide a name for the certificate and save it to your desktop.
    - Click Next.
    - Click Finish.
    - Click OK.
  - Export the private key from the Microsoft Management Console (MMC). Make sure to include the private key and save it as a .pfx file.
    - On the computer running Windows, open the Certificate Manager for the logged-in user.
    - Expand Personal.
    - Click Certificates.
    - Right-click the <user>@<domain> and click All Tasks > Export.
    - In the Certificate Export Wizard, click Yes, export private key.
    - Click Next.
    - Select Personal Information Exchange – PKCS #12 (.pfx). Click Next.
    - Select the security method.
    - Provide a name for the certificate and save it to your desktop.
    - Click Next.
    - Click Finish.
    - Click OK.
- In entra.microsoft.com, open the <app name> you assigned the app in step 4 of Add an Entra app and obtain its Entra details for configuring modern authentication. Navigate to the section for certificate management and upload the public certificate (.pem or .cer file) that you exported in step 1 to associate the certificate credentials with the Entra app ID of UEM.
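The self-signed path of step 1 can also be scripted in Windows PowerShell instead of clicking through the MMC export wizard. The following is an added example, not part of the vendor documentation; the app name UEM-ModernAuth and the Desktop output folder are assumed placeholder values.

```powershell
# Added example: create the certificate, export both files, and verify them.
$appName = 'UEM-ModernAuth'                      # assumed placeholder for <app name>
$outDir  = Join-Path $env:USERPROFILE 'Desktop'  # assumed output folder

# Same command as in the procedure, with the subject set to the app name.
$cert = New-SelfSignedCertificate -Subject "CN=$appName" `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyExportPolicy Exportable -KeySpec Signature

# The subject must carry the app name; stop before exporting if it does not.
if ($cert.Subject -ne "CN=$appName") { throw "Unexpected subject: $($cert.Subject)" }

# Public certificate as Base-64 encoded X.509 (.cer).
# RawData holds only the certificate, never the private key.
$b64 = [Convert]::ToBase64String($cert.RawData, [Base64FormattingOptions]::InsertLineBreaks)
$cerPath = Join-Path $outDir "$appName.cer"
Set-Content -Path $cerPath -Encoding Ascii -Value @(
    '-----BEGIN CERTIFICATE-----', $b64, '-----END CERTIFICATE-----')

# Private key as PKCS #12 (.pfx), protected by a password typed at the prompt
# so that it never appears in the script or in the command history.
$pfxPassword = Read-Host -Prompt 'Password for the .pfx file' -AsSecureString
$pfxPath = Join-Path $outDir "$appName.pfx"
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

# Re-read the .cer that will be uploaded and check it against the store copy.
$public = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cerPath)
if ($public.HasPrivateKey) { throw 'The .cer file must not contain a private key.' }
if ($public.Thumbprint -ne $cert.Thumbprint) { throw 'Exported .cer does not match the certificate.' }

# Summary to keep alongside the upload.
[pscustomobject]@{
    Subject     = $public.Subject
    Thumbprint  = $public.Thumbprint
    NotAfter    = $public.NotAfter
    PublicFile  = $cerPath
    PrivateFile = $pfxPath
}
```

After uploading the .cer file in entra.microsoft.com, compare the thumbprint printed by the script with the one listed for the app's certificate to confirm that the intended certificate was associated.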