Sign the Certificate

In this article we will see how to sign a certificate. This step is required when building a Provider Hosted Application (PHA) in SharePoint 2013.

Pre-Requisites

You have to create an IIS Certificate. I hope you have gone through this step already.

http://www.jeanpaulva.com/index.php/2014/12/01/create-export-certificate/

Steps

The steps involved are:

1. Copy the Certificate

2. Sign the Certificate

Copy the Certificate

Now we have to copy the certificate and sign it.

Open IIS > Certificates.

Double click on our certificate.

From the Details tab, click the Copy to File... option.

Select the default options and click the Next button.

Please note that the file extension is .cer.

Click the Finish button to complete the copy operation.

Sign the Certificate

Now we need to sign the certificate. We can do this using the PowerShell ISE editor.

Open the ISE editor as Administrator.

Run the following code. (You need to change the certificate path & GUID)

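Add-PSSnapin Microsoft.SharePoint.PowerShell

# Load the exported public certificate (.cer) and register it as a trusted root authority
$certPath = "C:\temp\SP2013Certificate.cer"
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
New-SPTrustedRootAuthority -Name "PHASelfSignedCertificate" -Certificate $cert

# Build the issuer identifier as <issuer GUID>@<farm authentication realm>
$realm = Get-SPAuthenticationRealm

$issuerId = "586bb34f-83b9-4dbe-b293-8981441bd7a8"   # replace with your own GUID
$issuerIdentifier = $issuerId + '@' + $realm

# Register the certificate as a trusted security token issuer, then restart IIS
New-SPTrustedSecurityTokenIssuer -Name "Provider hosted Self Signed Certificate" -Certificate $cert -RegisteredIssuerName $issuerIdentifier
iisreset

# Allow OAuth over plain HTTP. This is meant for development farms that do not use HTTPS;
# keep it $false wherever SharePoint is served over HTTPS.
$config = Get-SPSecurityTokenServiceConfig
$config.AllowOAuthOverHttp = $true
$config.Update()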

The signing process is required so that the SharePoint server can trust the second IIS server, which will host the PHA application. In real-world scenarios the certificate exporting and signing should be done with third-party vendors.
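To confirm the registration took effect, the following read-only check can be run in the same ISE session. It is an added example, not part of the original article; it reuses the article's sample path and names and assumes the `Certificate`, `SigningCertificate` and `RegisteredIssuerName` properties on the objects the SharePoint cmdlets return.

```powershell
# Added example: read-only checks after registration. Path and names are the
# article's sample values; change them to match your farm.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$certPath   = "C:\temp\SP2013Certificate.cer"
$rootName   = "PHASelfSignedCertificate"
$issuerName = "Provider hosted Self Signed Certificate"
$findings   = New-Object System.Collections.Generic.List[string]

# 1. The exported file should hold the public certificate only and be in date.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
$now  = Get-Date
if ($cert.HasPrivateKey) { $findings.Add("Exported file carries a private key; re-export without it.") }
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    $findings.Add("Certificate is outside its validity period (NotAfter: $($cert.NotAfter)).")
}

# 2. The trusted root authority must exist and hold the same certificate.
$root = Get-SPTrustedRootAuthority | Where-Object { $_.Name -eq $rootName }
if (-not $root) {
    $findings.Add("Trusted root authority '$rootName' is not registered.")
} elseif ($root.Certificate.Thumbprint -ne $cert.Thumbprint) {
    $findings.Add("Trusted root authority '$rootName' holds a different certificate.")
}

# 3. The token issuer must exist, use the same certificate, and end in @<realm>.
$realm  = Get-SPAuthenticationRealm
$issuer = Get-SPTrustedSecurityTokenIssuer | Where-Object { $_.Name -eq $issuerName }
if (-not $issuer) {
    $findings.Add("Token issuer '$issuerName' is not registered.")
} else {
    if ($issuer.SigningCertificate.Thumbprint -ne $cert.Thumbprint) {
        $findings.Add("Token issuer '$issuerName' is bound to a different certificate.")
    }
    if (-not $issuer.RegisteredIssuerName.EndsWith("@$realm", [StringComparison]::OrdinalIgnoreCase)) {
        $findings.Add("RegisteredIssuerName '$($issuer.RegisteredIssuerName)' does not end in @$realm")
    }
}

# 4. Report whether OAuth tokens are accepted over plain HTTP.
if ((Get-SPSecurityTokenServiceConfig).AllowOAuthOverHttp) {
    $findings.Add("AllowOAuthOverHttp is enabled: OAuth tokens may travel unencrypted.")
}

if ($findings.Count -eq 0) {
    "All checks passed for thumbprint $($cert.Thumbprint)."
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```

On a farm configured exactly as in the article, the only warning expected is the one for `AllowOAuthOverHttp`.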

References

http://bit.ly/10uiVpB

Summary

In this article we have explored how to sign a certificate for use in a PHA application.
