Step 0: (If you do not have an X.509 certificate already) Create a self-issued certificate
You can easily generate a self-issued certificate with the makecert.exe tool.
From the command line, run: makecert -r -pe -n "CN=MyCompanyName MyAppName Cert" -b 12/15/2014 -e 12/15/2016 -ss my -len 2048
Open the Certificates MMC snap-in and connect to your user account. Find the new certificate in the Personal folder and export it to a base64-encoded CER file.
Note: Make sure the key length is at least 2048 when generating the X.509 certificate. Shorter key lengths are not accepted as valid keys.
Step 1: Get the base64 encoded cert value and thumbprint from a .cer X509 public cert file using PowerShell
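Note: The instructions below show using Windows PowerShell to get properties of an X.509 certificate. Other platforms provide similar tools to retrieve properties of certificates.
# Load the public certificate from the exported .cer file
$cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$cer.Import("mycer.cer")
# Base64 of the raw DER-encoded certificate (the "value" field in Step 2)
$bin = $cer.GetRawCertData()
$base64Value = [System.Convert]::ToBase64String($bin)
# Base64 of the certificate hash (the "customKeyIdentifier" field in Step 2)
$bin = $cer.GetCertHash()
$base64Thumbprint = [System.Convert]::ToBase64String($bin)
# New GUID identifying this key credential (the "keyId" field in Step 2)
$keyid = [System.Guid]::NewGuid().ToString()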
Store the values for $base64Thumbprint, $base64Value and $keyid, to be used in the next step.
Step 2: Upload cert through the manifest file
Log in to the Azure Management Portal (https://manage.windowsazure.com)
Go to the AAD snap-in and there navigate to the application that you want to configure with an X.509 certificate
Download the application manifest file through the Azure Management Portal
Replace the empty "KeyCredentials": [], property with the following JSON. NOTE: The KeyCredentials complex type is documented here: http://msdn.microsoft.com/en-us/library/azure/dn151681.aspx
"keyCredentials": [
{
"customKeyIdentifier": "$base64Thumbprint_from_above",
"keyId": "$keyid_from_above",
"type": "AsymmetricX509Cert",
"usage": "Verify",
"value": "$base64Value_from_above"
}
],
e.g.
"keyCredentials": [
{
"customKeyIdentifier": "ieF43L8nkyw/PEHjWvj+PkWebXk=",
"keyId": "2d6d849e-3e9e-46cd-b5ed-0f9e30d078cc",
"type": "AsymmetricX509Cert",
"usage": "Verify",
"value": "MIICWjCCAgSgAwIBA***omitted for brevity***qoD4dmgJqZmXDfFyQ"
}
],
Save the change to the application manifest file.
Upload the edited application manifest file through the Azure Management Portal.
Optional: Download the manifest again, and see your X.509 cert is present on the application.
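Hi Sean, yes, those were the instructions I was following when I first got the error. I also tried downloading, editing, and re-uploading the manifest, rather than editing in place, and got the same error. – Tracy
Which portal are you using? Have you tried https://manage.windowsazure.com? –
I tried both the new Azure portal and the old management portal, and it happens in both. It doesn't appear to be related to my permissions either. – Tracy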
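Added example (not part of the original answer or comments, and not Microsoft's own tooling): Steps 1 and 2 of the answer combined into one Windows PowerShell function that enforces the 2048-bit minimum from Step 0 before emitting the keyCredentials JSON. The function name New-KeyCredentialJson, its parameters, the RSA-only check and the validity-period warning are assumptions of this example; it assumes Windows PowerShell 5.1 with .NET Framework 4.6 or later.

```powershell
# Hypothetical helper (added example): build a keyCredentials entry from a .cer file.
function New-KeyCredentialJson {
    param(
        [Parameter(Mandatory = $true)][string]$CerPath,
        [int]$MinKeyBits = 2048   # minimum key length given in the Step 0 note
    )

    # Resolve to a full path so .NET does not depend on the process working directory.
    $fullPath = (Resolve-Path -LiteralPath $CerPath).Path
    $cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $fullPath

    # Example limitation: only RSA public keys are checked (makecert produces RSA keys).
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cer)
    if ($null -eq $rsa) { throw "This example only handles certificates with an RSA public key." }
    if ($rsa.KeySize -lt $MinKeyBits) {
        throw "Key length $($rsa.KeySize) is below the required $MinKeyBits bits."
    }

    # Extra sanity check added by this example; the page does not state how
    # the portal treats certificates outside their validity period.
    $now = Get-Date
    if ($now -lt $cer.NotBefore -or $now -gt $cer.NotAfter) {
        Write-Warning "Certificate is outside its validity period ($($cer.NotBefore) to $($cer.NotAfter))."
    }

    # Same three values as Step 1, placed in the fields Step 2 expects.
    $entry = [ordered]@{
        customKeyIdentifier = [System.Convert]::ToBase64String($cer.GetCertHash())
        keyId               = [System.Guid]::NewGuid().ToString()
        type                = 'AsymmetricX509Cert'
        usage               = 'Verify'
        value               = [System.Convert]::ToBase64String($cer.GetRawCertData())
    }
    return ([ordered]@{ keyCredentials = @($entry) } | ConvertTo-Json -Depth 3)
}

# Usage: mycer.cer is the file exported in Step 0.
New-KeyCredentialJson -CerPath .\mycer.cer
```

The output is a complete JSON object; copy only the "keyCredentials": [ ... ] property from it into the manifest.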