This is the certificate that will be used on the IIS site to make it an SSL-enabled site. It’s different from the one used to create the STS security token (High Trust Provider-Hosted App Solution). If the certificate is not created with the proper domain associated, you’ll have issues calling the App Event Receivers. To create the certificate and set it up on IIS, follow the instructions below:
- Open Visual Studio Developer Command Prompt and type the following commands
(1) Create new certificate
makecert -r -pe -n "CN=devapps.pam.com" -b 01/01/2013 -e 01/11/2015 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sy 12 -sp "Microsoft RSA SChannel Cryptographic Provider" "D:\SSLCerts\SPAppCertDev.cer"
(2) Add new certificate
certmgr /add "D:\SSLCerts\SPAppCertDev.cer" /s /r localMachine root
*** You need to replace the domain (devapps.pam.com) with your domain, and the file path with the path for your new certificate.
- Open MMC.exe and add Certificates snap-in
- Copy the new certificate from “Personal/Certificates” folder to “Trusted Root Certification Authorities/Certificates” folder.
- Open IIS Manager
- Verify your domain certificate is added
- Bind it to your IIS site
- Create a Trusted Root Authority in SharePoint Central Admin
You can also run a PowerShell script to add a new trust relationship:
#Get the certificate from the hard drive
$publicCertificate = Get-PfxCertificate "SPAppCertDev.cer"
New-SPTrustedRootAuthority -Name "$($publicCertificate.Subject)_$($publicCertificate.Thumbprint)" -Certificate $publicCertificate
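To confirm that the certificate from steps (1) and (2) carries the expected domain and is usable by IIS, the PowerShell below checks its subject, private key, validity dates, Server Authentication EKU and presence in Trusted Root Certification Authorities. It is an added example, not part of the original post, and assumes the page's sample host name devapps.pam.com.

```powershell
# Added example: sanity-check the SSL certificate used for the IIS binding.
# Assumption: $HostName is the page's sample domain; replace it with yours.
$HostName      = 'devapps.pam.com'
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$now           = Get-Date

# makecert -ss my -sr localMachine places the certificate in LocalMachine\My.
$certs = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$HostName" })

if ($certs.Count -eq 0) {
    Write-Warning "No certificate with subject CN=$HostName in LocalMachine\My"
}

foreach ($cert in $certs) {
    # Collect the EKU OIDs; a certificate without an EKU extension is unrestricted.
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey          # IIS cannot bind without it
        InValidity    = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        ServerAuthEku = (-not $ekuExt) -or ($ekuOids -contains $ServerAuthOid)
        InTrustedRoot = Test-Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
    }
}
```

A False in any column identifies what to fix before relying on the binding, for example an expired -e date or a certificate imported without its private key.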
Creating Certificate on a Remote Server
If the server you’re on doesn’t have Visual Studio installed, you can create the .cer and .pfx files on a different server and import them manually.
The command below will create the .cer and .pvk files.
makecert -r -pe -n "CN=devapps.*.pam.com" -b 01/01/2013 -e 01/11/2027 -sky exchange -sy 12 -sp "Microsoft RSA SChannel Cryptographic Provider" -sv "D:\SSLCerts\SPSiteTestDev.pvk" "D:\SSLCerts\SPSiteTestDev.cer"
The command below will create the .pfx file from the .cer and .pvk files. The .pfx file is what you import into the IIS site.
pvk2pfx -pvk "D:\SSLCerts\SPSiteTestDev.pvk" -spc "D:\SSLCerts\SPSiteTestDev.cer" -pfx "D:\SSLCerts\SPSiteTestDev.pfx" -pi Password