This article shows how to sign a certificate, a step that is essential for building a Provider Hosted Application (PHA) in SharePoint 2013.
You must first create an IIS certificate. This article assumes you have already completed that step.
Following are the steps involved:
1. Copy the Certificate
2. Sign the Certificate
Copy the Certificate
First we copy the certificate to a file so that it can be signed.
Open IIS > Certificates.
Double-click our certificate.
On the Details tab, click the Copy to File... option.
Select the default options and click the Next button.
Note that the exported file has the .cer extension.
Click the Finish button to complete the copy operation.
Sign the Certificate
Now we need to sign the certificate. We can do this using the PowerShell ISE editor.
Open the ISE editor in Administrator mode.
Run the following code. (You need to change the certificate path and the GUID.)
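# Load the SharePoint cmdlets (the ISE does not load them by default)
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
# Load the exported public certificate and register it as a trusted root
$certPath = "C:\temp\SP2013Certificate.cer"
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
New-SPTrustedRootAuthority -Name "PHASelfSignedCertificate" -Certificate $cert
# Build the issuer name as <issuer GUID>@<farm realm>
$realm = Get-SPAuthenticationRealm
$issuerId = "586bb34f-83b9-4dbe-b293-8981441bd7a8"
$issuerIdentifier = $issuerId + '@' + $realm
New-SPTrustedSecurityTokenIssuer -Name "Provider hosted Self Signed Certificate" -Certificate $cert -RegisteredIssuerName $issuerIdentifier
# Allow OAuth over HTTP (development farms only) and save the change
$config = Get-SPSecurityTokenServiceConfig
$config.AllowOAuthOverHttp = $true
$config.Update()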
The signing process is required so that the SharePoint server can trust the second IIS server, which will host the PHA application. In real-world scenarios the certificate exporting and signing should be done with third-party vendors.
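Because the script above makes the farm trust whatever is in the exported file, it is worth inspecting that file before running it. The following is an added example, not code from the original article: Test-PhaCertificate and its WarnDays parameter are hypothetical names, and the path and GUID are the article's sample values.

```powershell
# Added example. Test-PhaCertificate is a hypothetical helper, not a SharePoint cmdlet.
function Test-PhaCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $CertPath,
        [Parameter(Mandatory = $true)] [string] $IssuerId,
        [int] $WarnDays = 30   # assumed warning window before expiry
    )
    if (-not (Test-Path -LiteralPath $CertPath)) {
        throw "Certificate file not found: $CertPath"
    }
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CertPath)
    $findings = @()

    # The .cer export holds the public certificate only. A private key in the
    # file means a key-bearing export is being copied between servers.
    if ($cert.HasPrivateKey) {
        $findings += 'File contains a private key; re-export without it.'
    }

    # Check the validity window before the farm is told to trust the certificate.
    $now = Get-Date
    if ($now -lt $cert.NotBefore) {
        $findings += "Not valid before $($cert.NotBefore)."
    } elseif ($now -gt $cert.NotAfter) {
        $findings += "Expired on $($cert.NotAfter)."
    } elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) {
        $findings += "Expires within $WarnDays days, on $($cert.NotAfter)."
    }

    # Heuristic: identical subject and issuer indicates a self-signed certificate.
    if ($cert.Subject -eq $cert.Issuer) {
        $findings += 'Self-signed; use a vendor-issued certificate outside development.'
    }

    # The issuer ID must parse as a GUID. Microsoft's high-trust add-in guidance
    # also asks for lowercase letters in it.
    $guid = [guid]::Empty
    if (-not [guid]::TryParse($IssuerId, [ref] $guid)) {
        $findings += "Issuer ID '$IssuerId' is not a GUID."
    } elseif ($IssuerId -cne $IssuerId.ToLowerInvariant()) {
        $findings += 'Issuer ID contains uppercase letters; use lowercase.'
    }

    # Return the identifying fields plus any findings for review.
    New-Object psobject -Property @{
        Subject = $cert.Subject; Thumbprint = $cert.Thumbprint
        NotAfter = $cert.NotAfter; Findings = $findings
    }
}

Test-PhaCertificate -CertPath 'C:\temp\SP2013Certificate.cer' -IssuerId '586bb34f-83b9-4dbe-b293-8981441bd7a8'
```

Compare the reported thumbprint with the one shown for the certificate in IIS before registering the file as a trusted root.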
In this article we have explored how to sign a certificate for use in a PHA application.