Table of Contents

New-PnPAzureCertificate

SYNOPSIS

Generate a new 2048bit self-signed certificate and manifest settings for use when using CSOM via an app-only ADAL application.

See https://github.com/pnp/powershell/tree/master/samples/SharePoint.ConnectUsingAppPermissions for a sample on how to get started.

KeyCredentials contains the ADAL app manifest sections.

Certificate contains the PEM encoded certificate.

PrivateKey contains the PEM encoded private key of the certificate.

SYNTAX

New-PnPAzureCertificate [-CommonName <String>] [-Country <String>] [-State <String>]
 [-Locality <String>] [-Organization <String>] [-OrganizationUnit <String>] [-OutPfx <String>]
 [-OutCert <String>] [-ValidYears <Int32>] [-CertificatePassword <SecureString>] [-Store <StoreLocation>] [-SanNames <String[]>]

DESCRIPTION

Allows to create a self-signed certificate and manifest settings to be used with PnP PowerShell via an app-only application registration.

EXAMPLES

EXAMPLE 1

New-PnPAzureCertificate -OutPfx pnp.pfx -OutCert pnp.cer

This will generate a default self-signed certificate named "pnp.contoso.com" valid for 10 years and output a pfx and cer file to disk. The private key file (pfx) will not be password protected. It will have localhost and the machinename as the Subject Alternative Names.

EXAMPLE 2

New-PnPAzureCertificate -CommonName "My Certificate" -ValidYears 30

This will output a certificate named "My Certificate" which expires in 30 years from now to the screen. It will not write the certificate files to disk. It will have localhost and the machinename as the Subject Alternative Names.

EXAMPLE 3

New-PnPAzureCertificate -OutPfx pnp.pfx -OutCert pnp.cer -CertificatePassword (ConvertTo-SecureString -String "pass@word1" -AsPlainText -Force)

This will generate a default self-signed certificate named "pnp.contoso.com" valid for 10 years and output a pfx and cer file to disk. The pfx file will have the password pass@word1 set on it. It will have localhost and the machinename as the Subject Alternative Names.

EXAMPLE 4

New-PnPAzureCertificate -OutPfx pnp.pfx -OutCert pnp.cer -SanNames $null

This will generate a default self-signed certificate named "pnp.contoso.com" valid for 10 years and output a pfx and cer file to disk. There will not be any Subject Alternative Names in the generated certificate.

PARAMETERS

-CertificatePassword

Optional certificate password

Type: SecureString
Parameter Sets: (All)

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-CommonName

Common Name (e.g. server FQDN or YOUR name) [pnp.contoso.com]

Type: String
Parameter Sets: (All)

Required: False
Position: 0Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Country

Country Name (2 letter code)

Type: String
Parameter Sets: (All)

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Locality

Locality Name (eg, city)

Type: String
Parameter Sets: (All)

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Organization

Organization Name (eg, company)

Type: String
Parameter Sets: (All)

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-OrganizationUnit

Organizational Unit Name (eg, section)

Type: String
Parameter Sets: (All)

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-OutCert

Filename to write to, optionally including full path (.cer)

Type: String
Parameter Sets: (All)

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-OutPfx

Filename to write to, optionally including full path (.pfx)

Type: String
Parameter Sets: (All)

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SanNames

One or more DNS names to add to the certificate as Subject Alternative Names. Separate multiple names with a comma, i.e. "host1.domain.com","host2.domain.com".

Provide $null to not add any Subject Alternative names to the certificate.

Omit to add localhost and the machine name as Subject Alternative Names.

Type: String[]
Parameter Sets: (All)

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-State

State or Province Name (full name)

Type: String
Parameter Sets: (All)

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ValidYears

Number of years until expiration (default is 10, max is 30)

Type: Int32
Parameter Sets: (All)

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Store

Local Certificate Store to add the certificate to. Only works on Microsoft Windows.

Type: StoreLocation
Parameter Sets: Generate Certificate

Required: False
Position: Named
Accept pipeline input: False

Microsoft 365 Patterns and Practices

Edit this page