Sign Certificate for PHA Server
This article shows how to sign a certificate. This is essential for Provider Hosted Applications in SharePoint 2013.
Prerequisites
You need to have created an IIS certificate beforehand. If you have not, please visit Create & Export Certificate.
Steps
The following is the procedure:
- Copy the Certificate
- Sign the Certificate
Copy the Certificate
Now, copy the certificate and sign it.
Open IIS > Certificates.
Double-click on the certificate.
From the Details tab, click on Copy to File...
Select the default option and click on Next.
Please note that the exported file has the .cer extension.
Click the Finish button to complete the copy operation.
Sign the Certificate
Now, sign the certificate. We can do this using the PowerShell ISE editor.
Next, open the ISE editor in Administrator mode.
Now, run the following code (here, you need to change the certificate path and GUID).
Add-PSSnapin Microsoft.SharePoint.PowerShell   # load the SharePoint cmdlets into the ISE session
$certPath = "C:\temp\SP2013Certificate.cer"   # change to the path of the exported .cer file
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
New-SPTrustedRootAuthority -Name "PHASelfSignedCertificate" -Certificate $cert   # trust the certificate as a root authority
$realm = Get-SPAuthenticationRealm
$issuerId = "586bb34f-83b9-4dbe-b293-8981441bd7a8"   # change to your own GUID
$issuerIdentifier = $issuerId + '@' + $realm   # issuer name has the form <GUID>@<realm>
New-SPTrustedSecurityTokenIssuer -Name "Provider hosted Self Signed Certificate" -Certificate $cert -RegisteredIssuerName $issuerIdentifier
iisreset
$config = Get-SPSecurityTokenServiceConfig
$config.AllowOAuthOverHttp = $true   # lets OAuth tokens travel over plain HTTP; leave this off where the sites use HTTPS
$config.Update()
Note: The signing process is required so that the SharePoint server can trust the second IIS Server that will host the PHA application. In a real-world scenario, the certificate exporting and signing should be done with third-party vendors.
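The following read-only check is an added example, not part of the original article. It inspects the exported .cer file and then confirms that the farm trusts exactly that certificate. The function names Test-PhaCertificateFile and Test-PhaTrustRegistration are hypothetical; the path and GUID are the ones used above and must be changed to match yours.

```powershell
# Added example: verification only, nothing in the farm is modified.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Hypothetical helper: inspect the exported file before it is trusted.
function Test-PhaCertificateFile {
    param([string]$Path)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($Path)
    $now  = Get-Date
    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        SelfSigned    = ($cert.Subject -eq $cert.Issuer)
        HasPrivateKey = $cert.HasPrivateKey   # a .cer export should report $false
        ValidNow      = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        NotAfter      = $cert.NotAfter
    }
}

# Hypothetical helper: confirm what the registration commands actually stored.
function Test-PhaTrustRegistration {
    param([string]$Thumbprint, [string]$IssuerId)
    $expected = $IssuerId + '@' + (Get-SPAuthenticationRealm)
    $roots    = @(Get-SPTrustedRootAuthority |
                  Where-Object { $_.Certificate.Thumbprint -eq $Thumbprint })
    $issuers  = @(Get-SPTrustedSecurityTokenIssuer |
                  Where-Object { $_.SigningCertificate.Thumbprint -eq $Thumbprint })
    [pscustomobject]@{
        RootAuthorityNames = $roots   | ForEach-Object { $_.Name }
        TokenIssuerNames   = $issuers | ForEach-Object { $_.Name }
        # True only if an issuer with this certificate carries the expected <GUID>@<realm> name
        IssuerNameMatches  = [bool]($issuers |
                             Where-Object { $_.RegisteredIssuerName -eq $expected })
        # True means OAuth tokens are accepted over unencrypted HTTP
        AllowOAuthOverHttp = (Get-SPSecurityTokenServiceConfig).AllowOAuthOverHttp
    }
}

$file = Test-PhaCertificateFile -Path "C:\temp\SP2013Certificate.cer"
$file
Test-PhaTrustRegistration -Thumbprint $file.Thumbprint `
    -IssuerId "586bb34f-83b9-4dbe-b293-8981441bd7a8"
```

An empty RootAuthorityNames or TokenIssuerNames, or IssuerNameMatches reporting False, means the registration did not store the certificate or issuer name you intended.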
Summary
In this article, we have explored how to sign a certificate for use in a PHA application.