AvePoint Learn
記事をリクエストする
サポートに問い合わせる
記事をリクエストする
サポートに問い合わせる
日本語

Home > Appendices > Appendix D - How to Prepare Certificates for the Custom Azure App

Download this article
お知らせ: このページは現在英語のみで提供されています。日本語版は準備中です。ご不便をおかけして申し訳ございません。

Appendix D - How to Prepare Certificates for the Custom Azure App

This section details how to prepare certificate files (.cer file and .pfx file). The .cer file can be used to create custom apps in Azure, and the .pfx file can be used when you Create an App Profile in Custom Mode in AvePoint Online Services.

To prepare self-signed certificate files based on your scenario, choose one of the following methods.

Use a Key Vault in Azure to Prepare Certificates

Before preparing a certificate with this method, make sure you have a key vault in Azure. If you do not have any key vaults, refer to the instructions below to create a key vault. Then, you can continue to prepare the certificates.

NOTE

Make sure you have an Azure subscription that contains Azure Key Vault.

  1. Create a key vault.

    1. In Azure Portal, enter Key vaults in the search box on the top, and then select the first result to access the Key vaults page.

    2. Click Create. The Create a key vault page appears.

    3. In the Basics tab, provide the basic information for the key vault, and then click the Access configuration tab.

    4. In the Permission model section, select Vault access policy.

    5. In the Access policies section, click Create.

    6. The Create an access policy pane appears. In the Secret permissions field, select Get.

    7. Click Next to go to the Principal tab.

    8. In the Principal pane, enter the application name or application ID in the search box.

    9. Select the application and click Next to go to the Application (optional) tab.

    10. In the Application (optional) pane, configure the settings based on your requirements and click Next to proceed.

    11. In the Review + create tab, review all of your configurations first, and then click Create to create the access policy. You will be redirected to the Create a key vault page.

    12. Click Next to go to the Networking tab.

    13. In the Networking pane, select All networks in the Public Access section.

    14. Click Next to go to the Tags tab.

    15. In the Tags pane, you can add tags to categorize your key vault.

    16. Click Review + create to review all of your configurations first, and then click Create at the bottom to create the key vault.

      NOTE

      If you need to change some settings before creating the key vault, you can click the Previous button to change previous settings.

  2. Generate a certificate from the key vault.

    1. On the Key vaults page, select the key vault that you want to generate a certificate from.

    2. Select Certificates > Generate/Import.

      b. Select Certificates > Generate/Import

    3. On the Create a certificate page, complete the required information, and then click Create to create the certificate.

      Create a certificate

    4. In the Certificates list, select the newly created certificate.

    5. Copy the secret identifier for later use.

  3. Click the name of the certificate, and then select the current version of the certificate.

  4. Click Download in CER format and Download in PFX/PEM format to download the certificate files to your local machine.

  5. When you have the certificate (.pfx file), you must set a password to protect the certificate.

    1. Open Windows PowerShell and paste the following script to Windows PowerShell. Replace [Full Path of your pfx certificate file] with the full path of the certificate (.pfx file) in your local machine.

      $pfxPath=[Full Path of your pfx certificatefile] # This command will popup a window, and it will ask you to input a password to protect the certificate. $credential=Get-Credential -Message "Enter a password to protect the certificate." -UserName "any" $pfxdata=Get-PfxData -FilePath $pfxPath Export-PfxCertificate -FilePath $pfxPath -Password $credential.Password -PFXData $pfxdata

    2. Press Enter to execute the script.

  6. The certificate needs to be uploaded to the Azure AD app that is used to connect AvePoint Portal Manager with your Microsoft 365 tenant.

Use IIS Manager to Prepare Certificates

To create the certificates via Internet Information Services (IIS) Manager, complete the following steps:

  1. Go to Administrative Tools > Internet Information Services (IIS) Manager.

  2. Click the server name in the Connections pane and double-click Server Certificates in the right pane.

    IIS Manager

  3. Click Create Self-Signed Certificate in the Actions pane.

  4. Enter a name for the certificate and click OK. The certificate will be listed in the Server Certificates pane.

    The Create Self-Signed Certificate window

  5. Double-click the created certificate and click the Details tab. Click Copy to File to export the certificate.

    The Certificate Details page

  6. In the Certificate Export Wizard window, click Next.

  7. Select the certificate type.

    the Certificate Export Wizard window

    • To export a PFX certificate with a private key, select the Yes, export the private key option.

    • To export a CER certificate, select the No, do not export the private key option.

  8. Click Next. Keep the default option on the page, and click Next.

    If you select to export the private key, you need to enter the password for the certificate and confirm the password. Remember this password, and it will be used when creating the app profile.

  9. Enter a name for the certificate file. You can also click Browse to specify the location where you want to save the certificate.

    Specifying the file name.

  10. Click Next. The certificate information will be displayed.

  11. Click Finish. The certificate file will be exported.

Use Windows PowerShell to Prepare Certificates

To create a self-signed certificate using Windows PowerShell, refer to the following steps:

NOTE

The steps below are based on running Windows PowerShell on a machine with the Windows 10 operating system.

  1. Right-click Windows PowerShell on the machine, and select Run as administrator from the drop-down list.

  2. Refer to the following example to use the New-SelfSignedCertificate cmdlet. To customize the DnsName parameter, replace the string www.contoso.com with your DNS name.

    $certificate = New-SelfSignedCertificate -DnsName "www.contoso.com" -CertStoreLocation "cert:\LocalMachine\My" -KeyExportPolicy Exportable -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider"

    Press Enter on the keyboard.

  3. Refer to the following example to convert your password for the PFX certificate to secure strings. Replace P@ssW0rD! with the plain text string of your password. You must remember this password as it will be used when creating a custom Azure app.

    $certPwd = ConvertTo-SecureString -String "P@ssW0rD!" -Force -AsPlainText

    Press Enter on the keyboard.

  4. Enter the following command, and press Enter on the keyboard.

    $thumbprint = $certificate.Thumbprint

  5. Enter the following command, and press Enter on the keyboard.

    $cerPath = Get-Item Cert:\LocalMachine\My\$thumbprint

  6. Enter the following command and replace c:\user.pfx with the full path of the PFX certificate file you want to create. Press Enter on the keyboard.

    Export-PfxCertificate -Cert $cerPath -Force "c:\user.pfx" -Password $certPwd

  7. Enter the following command and replace c:\user.cer with the full path of the CER certificate file you want to create. Press Enter on the keyboard.

    Export-Certificate -Cert $certificate -FilePath "c:\user.cer"