New-PnPAzureCertificate

Tip

We encourage you to make improvements to this documentation. Please navigate to https://github.com/pnp/powershell/blob/dev/documentation/New-PnPAzureCertificate.md to change this file.

Generate a new 2048bit self-signed certificate and manifest settings for use when using CSOM via an app-only ADAL application.

See https://github.com/SharePoint/PnP-PowerShell/tree/master/Samples/SharePoint.ConnectUsingAppPermissions for a sample on how to get started.

KeyCredentials contains the ADAL app manifest sections.

Certificate contains the PEM encoded certificate.

PrivateKey contains the PEM encoded private key of the certificate.

Syntax

New-PnPAzureCertificate
   [-CommonName <String>]
   [-Country <String>]
   [-State <String>]
   [-Locality <String>]
   [-Organization <String>]
   [-OrganizationUnit <String>]
   [-OutPfx <String>]
   [-OutCert <String>]
   [-ValidYears <Int32>]
   [-CertificatePassword <SecureString>]
   [-Store <StoreLocation>]
   [<CommonParameters>]

Examples

EXAMPLE 1

New-PnPAzureCertificate -OutPfx pnp.pfx -OutCert pnp.cer

This will generate a default self-signed certificate named "pnp.contoso.com" valid for 10 years and output a pfx and cer file.

EXAMPLE 2

New-PnPAzureCertificate -CommonName "My Certificate" -ValidYears 30

This will output a certificate named "My Certificate" which expires in 30 years from now.

EXAMPLE 3

New-PnPAzureCertificate -OutPfx pnp.pfx -OutCert pnp.cer -CertificatePassword (ConvertTo-SecureString -String "pass@word1" -AsPlainText -Force)

This will generate a default self-signed certificate named "pnp.contoso.com" valid for 10 years and output a pfx and cer file. The pfx file will have the password pass@word1 set on it.

Parameters

-CertificatePassword

Optional certificate password

Type:SecureString
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-CommonName

Common Name (e.g. server FQDN or YOUR name) [pnp.contoso.com]

Type:String
Position:0Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Country

Country Name (2 letter code)

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Locality

Locality Name (eg, city)

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Organization

Organization Name (eg, company)

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-OrganizationUnit

Organizational Unit Name (eg, section)

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-OutCert

Filename to write to, optionally including full path (.cer)

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-OutPfx

Filename to write to, optionally including full path (.pfx)

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-State

State or Province Name (full name)

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Store

Local Certificate Store to add the certificate to. Only works on Microsoft Windows.

Type:StoreLocation
Position:Named
Accept pipeline input:False
Accept wildcard characters:False
-ValidYears

Number of years until expiration (default is 10, max is 30)

Type:Int32
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False