This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 31%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
Hello
I have two quick question.
When we add a KeyCredential of type AsymmetricX509Cert in any application-object through graph-api,
Can I add just a public-key OR I have to add the full-x509 certificate ?
If latter is true, then do I have to add the whole chain of certificate OR just my own certificate without worrying about who signed it ?
Thanks.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 69%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECS%3C/text%3E%3C/svg%3E)
Hi
Following post details what you need:
You need both the cert file and the pfx.
Hope this helps
Thanks @Cristian SPIRIDON
That blog was useful. one question, though.
If I want to make key-credential of type "X509CertAndPassword", do i have to send the corresponding public credential i.e., type = AsymmetricX509Cert in the SAME graph request ?
and secondly,
the blog explains with self-sign-cert.
If the app has got the cert from some certificate authority, then I believe I need to base64 the entire certificate-chain while putting in the graph call.
Am I correct ?
Thanks.
Hi,
If you have a signed cert chain you need to send it all in the request.
And AsymetricX509Cert need to be sent in the SAME request.
Hope this helps!
Thanks @Cristian SPIRIDON
I think I got it. So just before wrapping up this thread, if I have a PFX file containing one cert-chain and the corresponding private-key, then I Can NOT upload the PFX file as is.
I need to first separate out the cert-chain and private-key through openSSL command
openssl pkcs12 -in filename.pfx -nocerts -out key.pem
openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem
and now I can invoke the graph api and input the output of key.pem and cert.pem to create 2 KeyCreds of type X509CertAndPassword and AsymetricX509Cert respectively.
Of course I will need payload for password-Cred also in the same graph-call.
Am I right ??
Thanks.
Hi,
You are right. You need to send the public certs chain, the private key and the password in the same call.
Let me know if any issues.
sound good.. Thanks @Cristian SPIRIDON for validation.
Appreciate it !!!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 95%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJL%3C/text%3E%3C/svg%3E)
Hello @testuser7 do you need additional assistance? Was the answer helpful? If it was, please accept it and complete the quality survey so that others can find a solution.