Create certificate

Submitted by Erik Wegner on

To authorize access to the SharePoint API, you have to send an authorization token. The token contains a cryptographic signature that is validated by the SharePoint server. This procedure needs a certificate, which can be generated in one of two ways.

Server certificates with IIS

To generate a certificate in the IIS Manager, follow the steps described on MSDN. In the end you get a .PFX and a .CER file, which hold the binary versions of the private and public parts of the certificate. The private part must be converted into the .PEM format, which can be done with openssl:

openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes

Certificate with openssl

Start by generating a new key:

openssl genrsa -des3 -out server.key 2048

Request a certificate from the key:

openssl req -new -key server.key -out server.csr

Remove the password from the key file to keep things simple:

cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

Now issue the certificate:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

You will find the files server.key and server.crt in the current directory; they are, again, the private and the public part.

The public part has to be converted to DER format for use in the upcoming registration:

openssl x509 -outform der -in server.crt -out server.cer

Find the x5t fingerprint

The fingerprint of the certificate can be shown with this command:

openssl x509 -sha1 -in server.crt -noout -fingerprint

It prints the fingerprint as colon-separated hex bytes. Use this snippet to convert it to the required Base64 form:

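// SHA-1 fingerprint as printed by openssl (colon-separated hex bytes)
const g = "A1:A5:55:04:EA:13:CA:F3:16:FC:36:7C:4C:C2:F1:50:A1:25:70:DB";
const gp = g.split(":");
const bytes = [];
for (let i = 0; i < gp.length; i++) {
    bytes.push(parseInt(gp[i], 16));
}

// Build a binary string from the raw bytes and Base64-encode it
const str = String.fromCharCode.apply(String, bytes);

console.log(btoa(str));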
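
The two steps above (print the fingerprint, then convert it) can also be done in one pass in Node.js by hashing the DER bytes inside the PEM file. This is an added example, not part of the original post; the function names and SAMPLE_PEM are constructed for illustration. It returns the standard Base64 form that the snippet above produces and also the base64url form, because RFC 7515 defines the x5t header as base64url-encoded and the two differ for the sample fingerprint.

```javascript
// Added example: names and the sample PEM below are constructed for illustration.
const { createHash } = require("crypto");

// Standard base64 -> base64url (RFC 4648 section 5), padding removed.
function toBase64Url(b64) {
  return b64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Both encodings of a 20-byte SHA-1 digest.
function encodeThumbprint(digest) {
  if (digest.length !== 20) throw new Error("SHA-1 thumbprint must be 20 bytes");
  const base64 = digest.toString("base64");
  return { base64, base64url: toBase64Url(base64) };
}

// Convert the colon-separated hex that `openssl x509 -fingerprint` prints.
// Accepts the full "SHA1 Fingerprint=AA:BB:..." line or only the hex part.
function fingerprintToX5t(line) {
  const hex = line.trim().replace(/^.*=/, "");
  if (!/^[0-9a-f]{2}(:[0-9a-f]{2}){19}$/i.test(hex)) {
    throw new Error("expected 20 colon-separated hex bytes");
  }
  return encodeThumbprint(Buffer.from(hex.replace(/:/g, ""), "hex"));
}

// Compute the thumbprint straight from a PEM certificate: the SHA-1
// fingerprint is the hash of the DER bytes inside the PEM armor.
// Only a CERTIFICATE block is read, so key material in the file is ignored.
function pemToX5t(pem) {
  const m = /-----BEGIN CERTIFICATE-----([\s\S]+?)-----END CERTIFICATE-----/.exec(pem);
  if (!m) throw new Error("no CERTIFICATE block found (is this a key file?)");
  const der = Buffer.from(m[1].replace(/\s+/g, ""), "base64");
  const digest = createHash("sha1").update(der).digest();
  const fingerprint = digest.toString("hex").toUpperCase().match(/../g).join(":");
  return { fingerprint, ...encodeThumbprint(digest) };
}

// Constructed stand-in for server.crt: the armor is real, the body is not a
// valid certificate, which is enough because only the bytes are hashed.
const SAMPLE_PEM = [
  "-----BEGIN CERTIFICATE-----",
  Buffer.from("constructed bytes standing in for DER").toString("base64"),
  "-----END CERTIFICATE-----",
].join("\n");

console.log(fingerprintToX5t("A1:A5:55:04:EA:13:CA:F3:16:FC:36:7C:4C:C2:F1:50:A1:25:70:DB"));
console.log(pemToX5t(SAMPLE_PEM));
```

To use it on a real file, pass the contents of server.crt to pemToX5t, for example via fs.readFileSync("server.crt", "utf8").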