0
votes

In the Azure App Registrations portal I need to generate a new certificate to let my domain services access the Graph. I generate a certificate with PowerShell like this:

New-SelfSignedCertificate -CertStoreLocation "Cert:\CurrentUser\My" -Subject "CN=sampleAppCert" -KeySpec KeyExchange

The result looks good, but if I want to export this certificate with the certlm.msc to a file, it does not appear in the list.

If I add -DnsName 'my-domain.com' to the parameter list, a certificate appears. But according to the Microsoft docs, this value should be left blank.

In general I am pretty confused about the different kinds of certificates and what the parameters mean.

  1. If I use the -DnsName attribute, will this generate an SSL/TLS certificate to secure internet domains?
  2. What does CN stand for instead?
  3. Why is the certificate not appearing in the certlm store? How can I export my generated certificate to use it in the Azure Portal when not using the DnsName attribute?
  4. Are there any recommendable resources to get a better understanding of digital certificates? I am very confused about the whole topic and would like to read something. But especially the Microsoft docs are confusing me even more. :(

1 Answers

0
votes

Let me try to answer your queries.

  1. If you use the -DnsName attribute, it will add a SAN ("subject alternative name") to your certificate. You can check the SAN in the details of your certificate.


SAN is basically used to secure multiple domains using a single certificate (https://www.geocerts.com/support/ssl-certificate-subject-alternative-names-sans).

Also please note that these are self-signed certificates which cannot be used to secure internet domains; for securing internet domains you need certs which are signed by a CA like DigiCert etc.

  2. CN stands for COMMON NAME; it's basically the fully qualified domain name of your website (https://www.entrustdatacard.com/pages/digital-certificate-glossary).

  3. You need to first export your certificate and then import it. You can use the Export-PfxCertificate command to export your certificate to disk and then click it to import it.

  4. Start with the basics: https://securitywing.com/digital-certificate-how-works/ https://www.jscape.com/blog/an-overview-of-how-digital-certificates-work
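An added PowerShell example (not part of the question or answer above) that generates the certificate from the question and exports it in the two forms you typically need: a public-key-only .cer for the App Registration upload, and a password-protected .pfx that carries the private key. The subject CN=sampleAppCert comes from the question; the output paths under C:\temp and the one-year validity are assumptions.

```powershell
# Create the self-signed certificate in the current user's personal store.
# -KeyExportPolicy Exportable is needed later for Export-PfxCertificate.
$cert = New-SelfSignedCertificate `
    -CertStoreLocation "Cert:\CurrentUser\My" `
    -Subject "CN=sampleAppCert" `
    -KeySpec KeyExchange `
    -KeyExportPolicy Exportable `
    -NotAfter (Get-Date).AddYears(1)   # assumed validity period

# The certificate is in the *current user* store. certlm.msc shows the
# *local machine* store; certmgr.msc shows the current user's store.
# Confirm it exists by thumbprint:
Get-ChildItem "Cert:\CurrentUser\My\$($cert.Thumbprint)" |
    Format-List Subject, Thumbprint, NotAfter, HasPrivateKey

# Public key only (.cer). This is the file to upload under the App
# Registration's "Certificates & secrets"; it contains no private key.
New-Item -ItemType Directory -Path "C:\temp" -Force | Out-Null   # assumed path
Export-Certificate -Cert $cert -FilePath "C:\temp\sampleAppCert.cer"

# Private key (.pfx), only if the key must be moved to the machine that
# will authenticate to Graph. Protect it with a password and keep it off
# shared locations; the App Registration never needs this file.
$pfxPassword = Read-Host -AsSecureString -Prompt "PFX export password"
Export-PfxCertificate -Cert $cert `
    -FilePath "C:\temp\sampleAppCert.pfx" `
    -Password $pfxPassword
```

Upload the .cer in the portal and compare its thumbprint with the one printed above to make sure the right certificate was registered.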