New-PnPAzureCertificate
SYNOPSIS
Generates a new 2048-bit self-signed certificate and manifest settings for use with CSOM via an app-only ADAL application.
See https://github.com/pnp/powershell/tree/master/samples/SharePoint.ConnectUsingAppPermissions for a sample on how to get started.
KeyCredentials contains the ADAL app manifest sections.
Certificate contains the PEM encoded certificate.
PrivateKey contains the PEM encoded private key of the certificate.
SYNTAX
New-PnPAzureCertificate [-CommonName <String>] [-Country <String>] [-State <String>]
[-Locality <String>] [-Organization <String>] [-OrganizationUnit <String>] [-OutPfx <String>]
[-OutCert <String>] [-ValidYears <Int32>] [-CertificatePassword <SecureString>] [-Store <StoreLocation>] [-SanNames <String[]>]
DESCRIPTION
Creates a self-signed certificate and manifest settings to be used with PnP PowerShell via an app-only application registration.
EXAMPLES
EXAMPLE 1
New-PnPAzureCertificate -OutPfx pnp.pfx -OutCert pnp.cer
This will generate a default self-signed certificate named "pnp.contoso.com" valid for 10 years and output a pfx and cer file to disk. The private key file (pfx) will not be password protected. It will have localhost and the machine name as the Subject Alternative Names.
EXAMPLE 2
New-PnPAzureCertificate -CommonName "My Certificate" -ValidYears 30
This will output a certificate named "My Certificate", which expires 30 years from now, to the screen. It will not write the certificate files to disk. It will have localhost and the machine name as the Subject Alternative Names.
EXAMPLE 3
New-PnPAzureCertificate -OutPfx pnp.pfx -OutCert pnp.cer -CertificatePassword (ConvertTo-SecureString -String "pass@word1" -AsPlainText -Force)
This will generate a default self-signed certificate named "pnp.contoso.com" valid for 10 years and output a pfx and cer file to disk. The pfx file will have the password pass@word1 set on it. It will have localhost and the machine name as the Subject Alternative Names.
EXAMPLE 4
New-PnPAzureCertificate -OutPfx pnp.pfx -OutCert pnp.cer -SanNames $null
This will generate a default self-signed certificate named "pnp.contoso.com" valid for 10 years and output a pfx and cer file to disk. There will not be any Subject Alternative Names in the generated certificate.
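The following is an added example, not part of the PnP documentation. It combines the parameters shown above to produce a password-protected pfx with a short lifetime and no Subject Alternative Names, then checks the files that were written. The common name, output folder and variable names are placeholders.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Prompt for the pfx password so it never appears on the command line or in history.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Placeholder output location (assumption): a folder under the user profile.
$outDir  = Join-Path $HOME 'pnp-cert'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null
$pfxPath = Join-Path $outDir 'pnp-apponly.pfx'
$cerPath = Join-Path $outDir 'pnp-apponly.cer'

# One-year validity instead of the 10-year default, no SAN entries, password on the pfx.
$result = New-PnPAzureCertificate -CommonName 'pnp-apponly' `
    -ValidYears 1 `
    -SanNames $null `
    -OutPfx $pfxPath -OutCert $cerPath `
    -CertificatePassword $pfxPassword

# Inspect the public certificate (.cer), the file uploaded to the app registration.
$cert   = [X509Certificate2]::new($cerPath)
$rsa    = [RSACertificateExtensions]::GetRSAPublicKey($cert)
$sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }  # subjectAltName

# A password-protected pfx must fail to load when no password is supplied.
$pfxNeedsPassword = $false
try   { [void][X509Certificate2]::new($pfxPath) }
catch { $pfxNeedsPassword = $true }

[pscustomobject]@{
    Subject          = $cert.Subject
    Thumbprint       = $cert.Thumbprint
    NotAfter         = $cert.NotAfter
    KeyBits          = $rsa.KeySize            # 2048 per the synopsis
    CerHasPrivateKey = $cert.HasPrivateKey     # expected False for the .cer
    HasSanExtension  = [bool]$sanExt           # expected False with -SanNames $null
    PfxNeedsPassword = $pfxNeedsPassword       # expected True
}

# $result.PrivateKey holds the PEM encoded private key; keep it out of logs and
# transcripts, and drop the variables once the pfx is stored safely.
Remove-Variable result, pfxPassword
```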
PARAMETERS
-CertificatePassword
Optional certificate password
Type: SecureString
Parameter Sets: (All)
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-CommonName
Common Name (e.g. server FQDN or YOUR name) [pnp.contoso.com]
Type: String
Parameter Sets: (All)
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Country
Country Name (2 letter code)
Type: String
Parameter Sets: (All)
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Locality
Locality Name (e.g. city)
Type: String
Parameter Sets: (All)
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Organization
Organization Name (e.g. company)
Type: String
Parameter Sets: (All)
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-OrganizationUnit
Organizational Unit Name (e.g. section)
Type: String
Parameter Sets: (All)
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-OutCert
Filename to write to, optionally including full path (.cer)
Type: String
Parameter Sets: (All)
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-OutPfx
Filename to write to, optionally including full path (.pfx)
Type: String
Parameter Sets: (All)
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-SanNames
One or more DNS names to add to the certificate as Subject Alternative Names. Separate multiple names with a comma, e.g. "host1.domain.com","host2.domain.com".
Provide $null to not add any Subject Alternative Names to the certificate.
Omit to add localhost and the machine name as Subject Alternative Names.
Type: String[]
Parameter Sets: (All)
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-State
State or Province Name (full name)
Type: String
Parameter Sets: (All)
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-ValidYears
Number of years until expiration (default is 10, max is 30)
Type: Int32
Parameter Sets: (All)
Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Store
Local Certificate Store to add the certificate to. Only works on Microsoft Windows.
Type: StoreLocation
Parameter Sets: Generate Certificate
Required: False
Position: Named
Accept pipeline input: False