Key vault certificate

The certificate we will create ensures that the web app can communicate with SharePoint and Graph in the app-only context.
If it is not already in place, extract the file ‘Create.Azure.KeyVault.Cert.ps1’ from the ‘Scripts.zip’ package and place it in the same directory that contains the following files:

  • Configure.Make.Online.config
  • Configure.Make.Online.ps1
  • Mavention.Make.ConsoleUpdater.zip
  • Mavention.Make.ConsoleWorker.zip
  • Mavention.Make.AdminWorker.zip
  • Mavention.Make.Web.zip

The PowerShell script accepts parameters that allow you to set custom values such as the Key Vault name and the validity of the certificate. Open the script in Notepad to see the available parameters, which are described in the comments at the top of the file. Change the name of your key vault at the following place in the script:
[string]$VaultName = "Make"
Replace the name ‘Make’ with the name of the key vault you created in the paragraph ‘Create a key vault in the resource group’.

When ready, run the script with PowerShell. For SubscriptionID, fill in the ID of your subscription. This value can be found at the top of the overview page of the resource group you created earlier.
For User, fill in the email address of the account with which you are logged in to Azure. A login screen will pop up. Enter your credentials and sign in.
Once the script is finished, you will see the keyCredentials in the PowerShell window. Copy the value from the PowerShell window into Notepad and remove the line endings so that the ‘value’ property is on a single line.

Figure 1: Key Vault Certificate Script


Important!!! The KeyCredentials are valid for 12 months by default. They should be renewed before they expire. Make a note for yourself to renew this key before it expires.

App registration Manifest

Go to the app registration of Make in your Azure AD. Click on ‘Manifest’, then click on ‘Download’ (figure 2).

Figure 2: Download Manifest


Open the file with Notepad and paste the value of the KeyCredentials we formatted earlier in this document.
Change the value of ‘oauth2AllowImplicitFlow’ from false to true. Save the file and upload it again in the app registration of Make.
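
The check below is an added example, not part of the Make scripts: it reads the text of an edited manifest and reports, for each keyCredentials entry, whether the ‘value’ is missing or still contains a line break, and how many days remain before it expires. The function name, the 30-day threshold, the file path and all sample values are assumptions; the property names (keyCredentials, keyId, endDate, value) are assumed from the manifest format.

```powershell
# Added example. Property names are assumed from the Azure AD manifest format;
# every sample value below is a constructed placeholder.
function Test-ManifestKeyCredentials {
    param(
        [Parameter(Mandatory)][string]$ManifestJson,  # text of the edited manifest file
        [int]$WarnDays = 30,                          # assumed renewal lead time
        [datetime]$Now = [datetime]::UtcNow
    )
    try {
        $manifest = $ManifestJson | ConvertFrom-Json -ErrorAction Stop
    } catch {
        # The pasted text broke the JSON (for example a missing comma or quote).
        return [pscustomobject]@{ KeyId = $null; Status = 'InvalidJson'; DaysLeft = $null }
    }
    foreach ($cred in @($manifest.keyCredentials | Where-Object { $_ })) {
        $end  = ([datetime]$cred.endDate).ToUniversalTime()
        $days = [math]::Floor(($end - $Now).TotalDays)
        # A line break inside 'value' may fail parsing or survive into the string,
        # depending on the PowerShell version; the second case is caught here.
        if ([string]::IsNullOrWhiteSpace($cred.value)) { $status = 'MissingValue' }
        elseif ($cred.value -match '[\r\n]')           { $status = 'ValueHasLineBreak' }
        elseif ($days -lt 0)                           { $status = 'Expired' }
        elseif ($days -le $WarnDays)                   { $status = 'RenewSoon' }
        else                                           { $status = 'Ok' }
        [pscustomobject]@{ KeyId = $cred.keyId; Status = $status; DaysLeft = $days }
    }
}

# Constructed manifest excerpt; 'value' is a placeholder, not a real certificate.
$sample = @'
{
  "keyCredentials": [
    { "keyId": "00000000-0000-0000-0000-000000000001",
      "type": "AsymmetricX509Cert", "usage": "Verify",
      "endDate": "2024-06-20T00:00:00Z",
      "value": "PLACEHOLDER_BASE64_CERTIFICATE" }
  ],
  "oauth2AllowImplicitFlow": true
}
'@

# Fixed -Now so the sample result does not depend on the day it is run.
Test-ManifestKeyCredentials -ManifestJson $sample -Now ([datetime]'2024-06-01')

# Against a downloaded manifest (hypothetical path):
# Test-ManifestKeyCredentials -ManifestJson (Get-Content .\manifest.json -Raw)
```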
