M365: Resolving error – The private key is not present in the X.509 certificate

Hi All,
LIFE IS BEAUTIFUL 🙂 I hope we all are safe 🙂 STAY SAFE, STAY HEALTHY, STAY HOME 🙂
Background: One of our background jobs for Teams governance uses the Microsoft Graph APIs, and calling the Microsoft Graph APIs requires an access token. To get the access token we were using an Azure App and an X.509 certificate.
We used the PowerShell cmdlet “New-SelfSignedCertificate” to create a self-signed certificate and stored it in the local machine certificate store. Following is the sample code:
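# Create the self-signed certificate and keep the returned object so its thumbprint can be used below
$certificate = New-SelfSignedCertificate -DnsName "knowledgejunction1.sharepoint.com" -CertStoreLocation "cert:\LocalMachine\My" -NotAfter (Get-Date).AddYears(20) -KeyExportPolicy Exportable -KeySpec Signature
$certificatePath = 'cert:\LocalMachine\My\' + $certificate.Thumbprint
# $password must already hold the password that will protect the exported .pfx file
$securePassword = ConvertTo-SecureString -String $password -Force -AsPlainText
# Export the public certificate (.cer) and the certificate with its private key (.pfx)
Export-Certificate -Cert $certificatePath -FilePath ('C:\Cert\mycert' + '.cer')
Export-PfxCertificate -Cert $certificatePath -FilePath ('C:\Cert\mycert' + '.pfx') -Password $securePassword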
In this way the certificate is ready on the local file system to use 🙂
Following is the sample code to get the access token using the Azure App ID and the certificate:
X509Certificate2 _azureAppCertificate = new X509Certificate2("certificate path", "certificatepassword", X509KeyStorageFlags.MachineKeySet);
var cac = new ClientAssertionCertificate(Azu_AppId, _azureAppCertificate);
AuthenticationContext auth = new AuthenticationContext(authority);
var authenticationResult = await auth.AcquireTokenAsync(resource, cac);
var accessToken = authenticationResult.AccessToken;
return accessToken;
Here we get an exception on the following line:
var authenticationResult = await auth.AcquireTokenAsync(resource, cac);
Exception : The private key is not present in the X.509 certificate

Solution: The private key is missing from the certificate. To make the private key available, we need to manually import the .pfx file using the MMC Certificates snap-in.
Following are the detailed steps to import the certificate and make the private key available:
Step 1: Open the MMC => in the Run dialog type “MMC”. This will open the MMC.
Step 2: Go to File and select Add/Remove Snap-in… as shown in the figure below. We need to add the “Certificates” snap-in.
Step 3: The “Add or Remove Snap-ins” dialog will open as shown in the figure below. From the available snap-ins, select “Certificates”.
Once we have added the “Certificates” snap-in, it will appear as shown in the figure below.
Step 4: Import our certificate => To import our newly created certificate, right click on “Certificates” and then “All Tasks >> Import…” as shown in the figure below.
Step 5: On click of “Import…”, the “Certificates snap-in” dialog will appear as shown in the figure below. Select the “Computer account” option.

Step 6: On click of “Finish”, the “Certificate Import Wizard” dialog will appear as shown in the figure below. Keep the option “Local Machine” selected and click on the “Next” button.

Step 7: In the “Certificate Import Wizard” dialog, select the .pfx file which we need to import.

Step 8: In the “Certificate Import Wizard” dialog, set the password for the private key and check the option for making the key exportable.

Step 9: In the “Certificate Import Wizard” dialog, select the certificate store as shown in the figure below.

Once our certificate is successfully imported, we will get the dialog “The import was successful” as shown in the figure below.

After a successful import, we can see that there is an option to “Manage Private Keys…” as shown in the figure below.

One more way to confirm that the private key is available is to right click on the certificate and open its properties; we will see a message about the private key as shown in the figure below.
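The import and the private-key check from the steps above can also be scripted. This is an added example, not code from the original post; it assumes the .pfx path used earlier, the Local Machine “Personal” store (cert:\LocalMachine\My), an RSA key, and an elevated PowerShell session. Test-CertificatePrivateKey is a hypothetical helper name.

```powershell
# Added example (not from the original post). Run in an elevated session.
# Assumptions: PFX path from the export step, store Cert:\LocalMachine\My, RSA key.
$pfxPath = 'C:\Cert\mycert.pfx'

# Hypothetical helper: returns $true only if the private key is present AND
# can be opened by the account running this script.
function Test-CertificatePrivateKey {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    # HasPrivateKey only says a key is associated with the certificate.
    if (-not $Certificate.HasPrivateKey) { return $false }
    try {
        # Opening the key fails if the key file is missing or the ACL denies access.
        $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Certificate)
        return ($null -ne $key)
    }
    catch {
        Write-Warning "Private key could not be opened: $($_.Exception.Message)"
        return $false
    }
}

# Prompt for the PFX password instead of keeping it in the script.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Scripted equivalent of Steps 4 to 9. -Exportable mirrors the
# "make key exportable" checkbox from Step 8; omit it if the key
# never needs to leave this machine.
$imported = Import-PfxCertificate -FilePath $pfxPath `
    -CertStoreLocation 'Cert:\LocalMachine\My' `
    -Password $pfxPassword -Exportable

# Re-read the certificate from the store, then verify the key.
$cert = Get-Item -Path ('Cert:\LocalMachine\My\' + $imported.Thumbprint)

if (Test-CertificatePrivateKey -Certificate $cert) {
    Write-Output "Private key is available for $($cert.Thumbprint)"
}
else {
    Write-Error "Private key is NOT available for $($cert.Thumbprint)"
}
```

Run the check under the same account as the background job, since a key that opens for an administrator may still be unreadable to the job's account.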

Thanks for reading 🙂 Feel free to discuss / comment / questions 🙂 SHARING IS CARING 🙂
Enjoy the beautiful life 🙂 Have a FUN 🙂 HAVE A SAFE LIFE 🙂 TAKE CARE 🙂