Hi,
Logon to Office 365 using certificates in Windows 10 was quite challenging. The documentation is not very clear on the prerequisites. Windows out-of-the-box only provides means to generate a keypair from a certificate store by export to a protected .pfx file (protection is either by password or Active Directory account). Office 365 CLI does not support using a protected .pfx, nor does it support reading directly from a keystore.
Currently to be able to generate and use a certificate in Windows 10 would require you to generate a unprotected private key file using alternative 3rd party tools like openssl:
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
This is not mentioned in the documentation, so it was a bit trial and error to get it to work.
Could this at the very least be updated in the documentation?
It would also be a very nice addition to the toolset if it would be possible to use a protected pfx file directly or - even better - read directly from the personal certificate store.
Regards,
Mark
Hi,
Logon to Office 365 using certificates in Windows 10 was quite challenging. The documentation is not very clear on the prerequisites. Windows out-of-the-box only provides means to generate a keypair from a certificate store by export to a protected .pfx file (protection is either by password or Active Directory account). Office 365 CLI does not support using a protected .pfx, nor does it support reading directly from a keystore.
Currently to be able to generate and use a certificate in Windows 10 would require you to generate a unprotected private key file using alternative 3rd party tools like openssl:
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crtThis is not mentioned in the documentation, so it was a bit trial and error to get it to work.
Could this at the very least be updated in the documentation?
It would also be a very nice addition to the toolset if it would be possible to use a protected pfx file directly or - even better - read directly from the personal certificate store.
Regards,
Mark