1. Open PowerShell as administrator
  2. Run the following command:
C:\Users\user01> New-SelfSignedCertificate -Subject “CN=OrgCert1234” -CertStoreLocation “cert:\LocalMachine\My”

Now, what we have to do is obtain the private key certificate file to be able to upload it to Azure:

  1. Press the windows key
  2. Type Manage Computer Certificates and press Enter
  3. Go to Personal (on the left), then Certificates
  4. Double-click on the certificate you created
  5. Go to Details
  6. Press the button “Copy to File …”
  7. Click Next
  8. Click on “Yes, export the private key”, then Next
  9. Click Next
  10. Click on Password, and enter a password (write down the password, we will need it)
  11. In Encryption, select TripleDESH-SHA1, click Next
  12. Select where you want to export your certificate, next and Finish

pfx Private Key Certificates will be created. Upload this file Azure.

Uploading the Certificate to Azure

To upload the newly created certificate we will do the following:

  1. Go to your Azure App Service
  2. Go to TLS / SSL settings
  3. Click on Private Key Certificates (.pfx)
  4. Click on Upload Certificate
  5. Select the pfx file you created
  6. Insert the password that we used in the previous section
  7. Click on Upload

If the upload is successful, you should see the certificate on the screen. If you click on it, you will see its details. We will need two of these fields, the Thumbprint and the Subject Name. Save both, because we will need them.


We need to give Azure App Service permission to use the newly uploaded certificate. For that:

  1. Go to Configuration in the menu of your Azure App Service
  2. Click on New application setting
  4. In Value, put the Thumbprint that you copied from the previous section.
  5. Click Ok, and don’t forget to click Save


Value xxxxxxxxx

Configuring the Project

Finally, we must configure our application to use the certificate. You can do this in the following way:

  1. In your Server project, go to appsettings.json
  2. Put the following code inside the IdentityServer section:


  "IdentityServer": {
    "Clients": {
      "MyProject01.Client": {
        "Profile": "IdentityServerSPA"
    "Key": {
      "Type": "Store",
      "StoreName": "My",
      "StoreLocation": "CurrentUser",
      "Name": "CN=OrgCert1234"
Last modified: December 17, 2022



Write a Reply or Comment