@mrcunninghamz
Last active November 19, 2024 19:11
Creating a self signed certificate in a pfx format on a mac.

Create Self Signed Certificate using OpenSSL on a Mac

Introduction

Every now and then I need to create a self-signed certificate in Azure for something. In my particular case it's Azure B2C. I am using a Mac, so it's not as simple as just running something like

New-SelfSignedCertificate `
    -KeyExportPolicy Exportable `
    -Subject "CN=yourappname.yourtenant.onmicrosoft.com" `
    -KeyAlgorithm RSA `
    -KeyLength 2048 `
    -KeyUsage DigitalSignature `
    -NotAfter (Get-Date).AddMonths(12) `
    -CertStoreLocation "Cert:\CurrentUser\My"

Also, AD app registrations with certificates want a DER-encoded .cer file. I added some procedures for that below. Azure Key Vault App configuration

Procedure

Create Cert

  • Create a key

    • openssl genrsa -out key.pem 2048
  • Create certificate signing request

    • openssl req -new -sha256 -key key.pem -out csr.csr
    • Enter whatever information you wish; it is good practice to include a password.
  • Create certificate

    • openssl req -x509 -sha256 -days 365 -key key.pem -in csr.csr -out certificate.pem

Convert to .pfx file

openssl pkcs12 -export -inkey key.pem -in certificate.pem -out certificate.pfx

Create DER-encoded CER file

openssl x509 -inform PEM -in certificate.pem -outform DER -out certificate.cer

Get Fingerprint

It's important to note the -inform option: it specifies the input format.

openssl x509 -noout -fingerprint -sha1 -inform der -in certificate.cer
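
The whole procedure above as one non-interactive script with consistency checks, added here as an example (it is not part of the original gist). The function names and the PFX_PASS environment variable are assumptions; -subj and -passout env: stand in for the interactive prompts.

```shell
#!/bin/sh
# Added example, not the gist's own script. Assumed names: make_cert_set,
# fp, verify_cert_set, and the PFX_PASS environment variable (PFX password).
umask 077   # key.pem and certificate.pfx contain the private key

# make_cert_set DIR CN : the gist's steps, with -subj replacing the prompts
make_cert_set() {
  mkdir -p "$1" && (
    cd "$1" &&
    openssl genrsa -out key.pem 2048 2>/dev/null &&
    openssl req -new -sha256 -key key.pem -subj "/CN=$2" -out csr.csr &&
    openssl req -x509 -sha256 -days 365 -key key.pem -in csr.csr -out certificate.pem &&
    openssl pkcs12 -export -inkey key.pem -in certificate.pem \
      -out certificate.pfx -passout env:PFX_PASS &&
    openssl x509 -inform PEM -in certificate.pem -outform DER -out certificate.cer
  )
}

# fp FILE FORMAT : SHA-1 fingerprint as bare hex, colons stripped
fp() {
  openssl x509 -noout -fingerprint -sha1 -inform "$2" -in "$1" | cut -d= -f2 | tr -d ':'
}

# verify_cert_set DIR : print the thumbprint only if all artifacts agree
verify_cert_set() {
  pem=$(fp "$1/certificate.pem" PEM)
  der=$(fp "$1/certificate.cer" DER)
  # Certificate carried inside the PFX must be the same one
  pfx=$(openssl pkcs12 -in "$1/certificate.pfx" -passin env:PFX_PASS -nokeys 2>/dev/null |
        openssl x509 -noout -fingerprint -sha1 2>/dev/null | cut -d= -f2 | tr -d ':')
  # Public key derived from key.pem must equal the one in the certificate
  key_pub=$(openssl rsa -in "$1/key.pem" -pubout 2>/dev/null)
  crt_pub=$(openssl x509 -in "$1/certificate.pem" -noout -pubkey)
  [ -n "$pem" ] && [ "$pem" = "$der" ] && [ "$pem" = "$pfx" ] ||
    { echo "fingerprint mismatch between pem/cer/pfx" >&2; return 1; }
  [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ] ||
    { echo "key.pem does not match certificate.pem" >&2; return 1; }
  echo "$pem"
}

# Stand-alone use: PFX_PASS=... sh thisfile.sh OUTDIR CN
if [ "$#" -eq 2 ]; then make_cert_set "$1" "$2" && verify_cert_set "$1"; fi
```

Supplying the PFX password through env: rather than pass: keeps it out of the command line, where other local users could read it from the process list.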
