How to Sign a Certificate For Use in PHA Application

Sign Certificate for PHA Server

This article shows how to sign a certificate. This is essential for Provider Hosted Applications in SharePoint 2013.

Prerequisites

You need to have created an IIS certificate first. I hope you have already gone through this step. If not, please visit Create & Export Certificate.

Steps

The following is the procedure:

  1. Copy the Certificate
  2. Sign the Certificate

Copy the Certificate

Now, copy the certificate and sign it.

Open IIS > Certificates.



Double-click on the certificate.



From the Details tab, click on "Copy to File...". The options are as shown in the preceding screenshot.



Select the default option and click on Next.



Please note that the extension here is .cer.



Click the Finish button to complete the copy operation.

Sign the Certificate

Now, sign the certificate. We can do this using the PowerShell ISE editor.

Next, open the ISE editor in Administrator mode.



Now, run the following code (here, you need to change the certificate path and GUID).

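# Load the SharePoint cmdlets into the ISE session
Add-PSSnapin Microsoft.SharePoint.PowerShell

# Path of the .cer file exported in the previous step (change to your path)
$certPath = "C:\temp\SP2013Certificate.cer"
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)

# Register the certificate as a trusted root authority in the farm
New-SPTrustedRootAuthority -Name "PHASelfSignedCertificate" -Certificate $cert

# Build the issuer identifier as <issuer GUID>@<realm> (change the GUID to your own)
$realm = Get-SPAuthenticationRealm
$issuerId = "586bb34f-83b9-4dbe-b293-8981441bd7a8"
$issuerIdentifier = $issuerId + '@' + $realm

# Register the certificate as a trusted security token issuer
New-SPTrustedSecurityTokenIssuer -Name "Provider hosted Self Signed Certificate" -Certificate $cert -RegisteredIssuerName $issuerIdentifier
iisreset

# Allow OAuth over plain HTTP; this suits a development farm without SSL
$config = Get-SPSecurityTokenServiceConfig
$config.AllowOAuthOverHttp = $true
$config.Update()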

Note: The signing process (registering the certificate as a trusted root authority and as a trusted security token issuer) is required so that the SharePoint server can trust the second IIS server that will host the PHA application. In a real-world scenario, the certificate exporting and signing should be done with third-party vendors.
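
To confirm that the registration above took effect, the following script checks the exported file and the farm configuration. It is an added example, not code from the original article; it reuses the path, names and GUID from the script above (change them to match yours), and the $findings list and its messages are this example's own.

```powershell
# Added example: post-registration checks, not part of the original article.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Values taken from the registration script above; change them to match yours.
$certPath   = "C:\temp\SP2013Certificate.cer"
$rootName   = "PHASelfSignedCertificate"
$issuerName = "Provider hosted Self Signed Certificate"
$issuerId   = "586bb34f-83b9-4dbe-b293-8981441bd7a8"

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
$findings = @()

# A .cer export carries only the public key; a private key means the wrong file was copied.
if ($cert.HasPrivateKey) { $findings += "Exported file contains a private key" }

# Tokens signed with an expired or not-yet-valid certificate will be rejected.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    $findings += "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))"
}

# The trusted root authority must hold the same certificate (compare thumbprints).
$root = Get-SPTrustedRootAuthority | Where-Object { $_.Name -eq $rootName }
if (-not $root) {
    $findings += "Trusted root authority '$rootName' not found"
} elseif ($root.Certificate.Thumbprint -ne $cert.Thumbprint) {
    $findings += "Trusted root authority '$rootName' holds a different certificate"
}

# The token issuer must be registered as <issuer id>@<realm> with the same certificate.
$expectedIssuer = $issuerId + '@' + (Get-SPAuthenticationRealm)
$issuer = Get-SPTrustedSecurityTokenIssuer | Where-Object { $_.Name -eq $issuerName }
if (-not $issuer) {
    $findings += "Trusted security token issuer '$issuerName' not found"
} else {
    if ($issuer.RegisteredIssuerName -ne $expectedIssuer) {
        $findings += "Issuer name is '$($issuer.RegisteredIssuerName)', expected '$expectedIssuer'"
    }
    if ($issuer.SigningCertificate.Thumbprint -ne $cert.Thumbprint) {
        $findings += "Token issuer '$issuerName' holds a different signing certificate"
    }
}

# With AllowOAuthOverHttp enabled, OAuth tokens can travel over unencrypted HTTP.
if ((Get-SPSecurityTokenServiceConfig).AllowOAuthOverHttp) {
    $findings += "AllowOAuthOverHttp is enabled; OAuth tokens may be sent over plain HTTP"
}

if ($findings.Count -eq 0) { "All checks passed for thumbprint $($cert.Thumbprint)" }
else { $findings | ForEach-Object { Write-Warning $_ } }
```

Run it in the same Administrator ISE session on the SharePoint server. On a farm configured exactly as above, the only expected warning is the AllowOAuthOverHttp one.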

Summary

In this article, we have explored how to sign a certificate for use in a PHA application.