Every now and then I need to create a self signed certificate in azure for something. In my particular case its Azure B2C. I am using a mac so its not simply just running something like
New-SelfSignedCertificate `
    -KeyExportPolicy Exportable `
    -Subject "CN=yourappname.yourtenant.onmicrosoft.com" `
    -KeyAlgorithm RSA `
    -KeyLength 2048 `
    -KeyUsage DigitalSignature `
    -NotAfter (Get-Date).AddMonths(12) `
    -CertStoreLocation "Cert:\CurrentUser\My"Also, AD app registrations with certificates want a DER-encoded .cer file. I added some procedures for that below. Azure Key Vault App configuration
- 
Create a key - openssl genrsa -out key.pem 2048
 
- 
Create certifcate signin request - openssl req -new -sha256 -key key.pem -out csr.csr
- enter whatever information you wish, good practice to include a password
 
- 
Create certificate - openssl req -x509 -sha256 -days 365 -key key.pem -in csr.csr -out certificate.pem
 
openssl pkcs12 -export -inkey key.pem -in certificate.pem -out certificate.pfx 
openssl x509 -inform PEM -in certificate.pem -outform DER -out certificate.cer
its important to note the -inform, that's the format.
openssl x509 -noout -fingerprint -sha1 -inform dec -in certificate.cer