Use certificates for authentication

  • Release version: Xanadu
  • Updated April 1, 2025
  • 1 minute to read

    • Request an access token with a certificate credential.

    Before you begin

    1. You can either use a self-signed certificate or CA issued certificate. You can create a self-signed certificate by executing the PowerShell script as outlined in Setting up an Azure AD app for app-only access. The script generates two files: .PFX file and .CER file.
      Note:
      Ensure that you are aware of the password that is used to encrypt private key to generate the .PFX file and .CER file.
    2. Use the .PFX file to create a Java Key Store (JKS) file.
      Note:
      Ensure that you are aware of the password that is used to generate JKS file from the .PFX file.

    Role required: admin

    Procedure

    1. Navigate to App registrations in Azure AD portal.
    2. Click Certificates & secrets from the Manage section.
    3. In the Certificates tab, click Upload Certificate.
    4. On the form, fill these values.
      Field Description
      Upload a certificate (public key) with one of the following file types: .cer, .pem, .crt .CER file you had generated using the PowerShell script.
      Description Description of the certificate.
    5. Click Add.
      The certificate is uploaded and its details are displayed under the Certificates tab.
    6. Copy the Thumbprint value of the uploaded certificate.
      Note:
      The Thumbprint value is a hexadecimal value.
    7. Encode the Thumbprint value to a Base64 value and record the value for later use.
      Note:
      You can use a Hexadecimal to Base64 (Hex to Base64) converter tool to encode the Thumbprint value to a Base64 value.