Manage custom certificates

When extending portals functionality using a client-side API call with OAuth 2.0 implicit grant flow, it's best practice to use custom certificates to provide an additional level of security. You can upload you own custom certificates using the Power Apps portals admin center.

Add new certificate

  1. Open the Power Apps portals admin center.

  2. Select Manage custom certificates. The authentication key is displayed along with its expiration date and thumbprint.

  3. Select Add new to upload a new certificate.

  4. Select the upload button underneath File to select a .pfx certificate file. After selecting the file, enter the password for your SSL certificate in the Password field.

  5. Select OK to upload the certificate.

    Upload a Certificate window with Upload file button and password box.

    Note

    The SSL certificate must meet all of the following requirements:

    • Signed by a trusted certificate authority
    • Exported as a password-protected PFX file.
    • Contains private key at least 2048 bits long
    • Contains all intermediate certificates in the certificate chain
    • Must be SHA2 enabled; SHA1 support is being removed from popular browsers
    • PFX file must be encrypted with TripleDES encryption; Power Apps portals doesn't support AES-256 encryption
    • Contains an Extended Key Usage for server authentication (OID = 1.3.6.1.5.5.7.3.1).

    The steps to export SSL certificate as a password-protected PFX file may vary depending on your certificate provider. Check with your certificate provider for recommendation. For example, certain providers may suggest using an OpenSSL third-party tool from OpenSSL or OpenSSL Binaries sites.

    Manage custom certificates tab in the Power Apps portals admin center.