Jean Paul's Blog

There are 2 types of People in the World, One who Likes SharePoint and..

Sign the Certificate

Posted by Paul on May 8, 2015


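In this article we will see how to sign a certificate. This step is essential for building a Provider Hosted Application (PHA) in SharePoint 2013. "Signing" here means registering the certificate with SharePoint as a trusted root authority and as a trusted security token issuer.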

Pre-Requisites

You have to create an IIS Certificate. I hope you have gone through this step already.

http://www.jeanpaulva.com/index.php/2014/12/01/create-export-certificate/

Steps

Following are the steps involved:

1. Copy the Certificate

2. Sign the Certificate

Copy the Certificate

Now we have to copy the certificate and sign it.

Open IIS > Certificates.

Double-click our certificate.

From the Details tab, click the Copy to File... option.

Select the default options and click the Next button.

Please note that the file extension is .cer.

Click the Finish button to complete the copy operation.

Sign the Certificate

Now we need to sign the certificate. We can do this from the PowerShell ISE.

Open the PowerShell ISE as Administrator.

Run the following code. (You need to change the certificate path and the issuer GUID.)

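# Load the SharePoint cmdlets
Add-PSSnapin Microsoft.SharePoint.PowerShell

# Path of the exported .cer file (change this to your own path)
$certPath = "C:\temp\SP2013Certificate.cer"
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)

# Make the farm trust the certificate as a root authority
New-SPTrustedRootAuthority -Name "PHASelfSignedCertificate" -Certificate $cert

$realm = Get-SPAuthenticationRealm

# Issuer ID of the provider-hosted app (change this GUID)
$issuerId = "586bb34f-83b9-4dbe-b293-8981441bd7a8"
$issuerIdentifier = $issuerId + '@' + $realm

# Register the certificate as a trusted security token issuer
New-SPTrustedSecurityTokenIssuer -Name "Provider hosted Self Signed Certificate" -Certificate $cert -RegisteredIssuerName $issuerIdentifier
iisreset

# Allow OAuth over plain HTTP (meant for development farms without HTTPS)
$config = Get-SPSecurityTokenServiceConfig
$config.AllowOAuthOverHttp = $true
$config.Update()
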
The signing process is required so that the SharePoint server can trust the second IIS server, which will host the PHA application. In real-world scenarios, the certificate export and signing should be done with third-party vendors.
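
To confirm what the script above left behind on the farm, here is a read-only audit, added as an example and not part of the original post. The helper name Get-CertFinding and the 30-day warning window are assumptions made for illustration; the SharePoint cmdlets are the stock ones.

```powershell
# Added example: read-only audit, run in an elevated shell on a farm server.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-CertFinding {   # hypothetical helper, not a SharePoint cmdlet
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [int]$WarnDays = 30   # assumed warning window; set to your policy
    )
    $now = Get-Date
    if ($Cert.NotAfter -lt $now) { 'expired' }
    elseif ($Cert.NotAfter -lt $now.AddDays($WarnDays)) { "expires within $WarnDays days" }
    if ($Cert.Subject -eq $Cert.Issuer) { 'self-signed' }
    if ($Cert.SignatureAlgorithm.FriendlyName -match 'sha1|md5') { 'weak signature hash' }
}

$realm = Get-SPAuthenticationRealm
$roots = @(Get-SPTrustedRootAuthority)

$report = foreach ($issuer in (Get-SPTrustedSecurityTokenIssuer)) {
    $cert = $issuer.SigningCertificate   # can be empty for metadata-based issuers
    $findings = @()
    if ($cert) { $findings += @(Get-CertFinding -Cert $cert) }

    # RegisteredIssuerName has the form <issuer GUID>@<realm>.
    # Microsoft's high-trust guidance asks for an all-lowercase issuer GUID.
    $issuerGuid = ($issuer.RegisteredIssuerName -split '@')[0]
    if ($issuerGuid -cne $issuerGuid.ToLower()) { $findings += 'issuer GUID not lowercase' }

    [pscustomobject]@{
        Name                 = $issuer.Name
        RegisteredIssuerName = $issuer.RegisteredIssuerName
        RealmMatchesFarm     = $issuer.RegisteredIssuerName -like "*@$realm"
        Thumbprint           = if ($cert) { $cert.Thumbprint } else { $null }
        NotAfter             = if ($cert) { $cert.NotAfter } else { $null }
        # Is the same certificate also registered as a trusted root authority?
        TrustedRoot          = [bool]($roots | Where-Object { $cert -and $_.Certificate.Thumbprint -eq $cert.Thumbprint })
        Findings             = $findings -join '; '
    }
}
$report | Format-List

# The script above switches this on; it should not stay on outside development.
if ((Get-SPSecurityTokenServiceConfig).AllowOAuthOverHttp) {
    Write-Warning 'AllowOAuthOverHttp is enabled: OAuth tokens may be sent over plain HTTP.'
}
```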

Summary

In this article we have explored how to sign a certificate for use in a PHA application.