
A while ago I posted a PowerShell script that I use to register a self-signed certificate that started out like this:

If you've tried creating a provider hosted app for SharePoint 2013 on-prem (not in Office 365) you know you likely need to go through some gyrations to set it up for high trust using the server-to-server (S2S) protocol. There's a great article on MSDN that walks you through the details of this (linked below), but it's a pain to have to type all that. Hopefully Visual Studio 2012's SharePoint 2013 & Office 2013 Developer Tools will make our lives easier when we get to RTM, but for now in Beta 2 / Preview, I find it to be a pain.

That script required you to create & export the self-signed certificate (*.cer) and associated private key (*.pfx) using IIS. I always intended to script out the whole thing with Windows PowerShell... and now it's finally done. Here's what I added to the script:

    # create cert if specified
    # ($CreateNewCert, $CertPath, $CertName, $AppDomain and $CertPassword are
    #  parameters declared in the script header)
    Write-Host
    Write-Host "(4 of 8) Creating new self-signed certificate if specified." -ForegroundColor White
    if ($CreateNewCert -eq $false){
      Write-Host "  Certificate already created... obtaining reference." -ForegroundColor Gray
      $certificateFullPath = Join-Path -Path $CertPath -ChildPath $CertName
    } else {
      # EXE paths
      $ExeMakeCert = "C:\Program Files\Microsoft Office Servers\15.0\Tools\makecert.exe"
      $ExeCertManager = "C:\Program Files\Microsoft Office Servers\15.0\Tools\certmgr.exe"

      # create the certificate (self-signed, exportable private key, exchange key,
      # placed in the LocalMachine\My store and written out as a *.cer file)
      $certificateFullPath = Join-Path -Path $CertPath -ChildPath $CertName
      Write-Host "  .. creating new certificate at $certificateFullPath" -ForegroundColor Gray
      & $ExeMakeCert -r -pe -n "CN=$AppDomain" -b 01/01/2012 -e 01/01/2022 `
                -ss my -sr localMachine -sky exchange `
                -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 $certificateFullPath
      Write-Host "  Certificate created at $certificateFullPath" -ForegroundColor Gray

      # get certificate thumbprint
      $appCertificate = Get-PfxCertificate -FilePath $certificateFullPath

      Write-Host "  .. adding certificate to local machine root" -ForegroundColor Gray
      & $ExeCertManager /add $certificateFullPath /s /r localMachine root
      Write-Host "  Certificate installed on local machine" -ForegroundColor Gray

      # find the same certificate in the machine store by thumbprint and export
      # it, private key included, to a password-protected *.pfx next to the *.cer
      Write-Host "  .. exporting private key for certificate" -ForegroundColor Gray
      Get-ChildItem Cert:\LocalMachine\My |
        Where-Object {$_.Thumbprint -eq $appCertificate.Thumbprint} |
        ForEach-Object {
          $CertPfxName = (Get-Item -Path $certificateFullPath).BaseName
          $CertPfxName += ".pfx"
          $certExportPath = Join-Path -Path $CertPath -ChildPath $CertPfxName
          Write-Host "  .. exporting private key for certificate (*.PFX)" -ForegroundColor Gray
          $certFileByteArray = $_.Export("PFX", $CertPassword)
          [System.IO.File]::WriteAllBytes($certExportPath, $certFileByteArray)
          Write-Host "  Certificate exported" -ForegroundColor Gray
        }
    }
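Before handing the *.cer to SharePoint and the *.pfx to the provider-hosted web app, it is worth checking that the pair the script produced is actually what the S2S trust will rely on. The function below is an added example written for this post, not part of PrepareS2SApp.ps1 or Critical Path Training's library. The function name and its parameters are hypothetical; the values map onto the script's own $CertPath, $CertName, $CertPassword and $AppDomain parameters, and it assumes Windows PowerShell on the SharePoint server (it reads the key size through $cert.PublicKey.Key, which is a .NET Framework API). It confirms the .cer and .pfx share a thumbprint, that the PFX really carries a private key, that the subject matches the app domain, that the certificate is inside its validity window and present in the machine Root store where certmgr put it, and it flags short RSA keys: makecert generates a 1024-bit key unless -len is passed, and the script does not pass it.

```powershell
# Added example, not part of the original script: sanity-check the *.cer / *.pfx
# pair before registering it for S2S. Function and parameter names are hypothetical.
function Test-S2SCertificate {
    param(
        [Parameter(Mandatory)][string]$CerPath,      # public cert given to SharePoint
        [Parameter(Mandatory)][string]$PfxPath,      # cert + private key used by the web app
        [Parameter(Mandatory)][string]$PfxPassword,  # password passed to Export("PFX", ...)
        [Parameter(Mandatory)][string]$AppDomain,    # makecert was run with -n "CN=$AppDomain"
        [int]$MinKeyBits = 2048                      # makecert defaults to 1024 without -len
    )

    $problems = New-Object System.Collections.Generic.List[string]

    $cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CerPath)
    $pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($PfxPath, $PfxPassword)

    # The .cer and .pfx must describe the same key pair.
    if ($cer.Thumbprint -ne $pfx.Thumbprint) {
        $problems.Add("thumbprint mismatch: cer=$($cer.Thumbprint) pfx=$($pfx.Thumbprint)")
    }
    if (-not $pfx.HasPrivateKey) {
        $problems.Add("PFX contains no private key (was -pe passed to makecert?)")
    }

    # Subject must be exactly the app domain the script was given.
    if ($cer.Subject -ne "CN=$AppDomain") {
        $problems.Add("subject '$($cer.Subject)' is not 'CN=$AppDomain'")
    }

    # Key algorithm and length (.NET Framework exposes the RSA provider via PublicKey.Key).
    $keyBits = $null
    if ($cer.PublicKey.Oid.FriendlyName -ne 'RSA') {
        $problems.Add("public key algorithm is '$($cer.PublicKey.Oid.FriendlyName)', not RSA")
    } else {
        $keyBits = $cer.PublicKey.Key.KeySize
        if ($keyBits -lt $MinKeyBits) {
            $problems.Add("RSA key is $keyBits bits, below $MinKeyBits")
        }
    }

    # Validity window (the script hard-codes -b 01/01/2012 -e 01/01/2022).
    $now = Get-Date
    if ($now -lt $cer.NotBefore -or $now -gt $cer.NotAfter) {
        $problems.Add("certificate not valid now (NotBefore=$($cer.NotBefore), NotAfter=$($cer.NotAfter))")
    }

    # certmgr /add ... /r localMachine root should have placed it in the machine Root store.
    $inRoot = Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Thumbprint -eq $cer.Thumbprint }
    if (-not $inRoot) {
        $problems.Add("certificate is not in Cert:\LocalMachine\Root")
    }

    [pscustomobject]@{
        Thumbprint = $cer.Thumbprint
        Subject    = $cer.Subject
        KeyBits    = $keyBits
        NotAfter   = $cer.NotAfter
        Ok         = ($problems.Count -eq 0)
        Problems   = $problems.ToArray()
    }
}

# Usage with the script's own parameter values (run after step 4 of the script):
# $cerFile = Join-Path -Path $CertPath -ChildPath $CertName
# $pfxFile = Join-Path -Path $CertPath -ChildPath ((Get-Item $cerFile).BaseName + ".pfx")
# Test-S2SCertificate -CerPath $cerFile -PfxPath $pfxFile -PfxPassword $CertPassword -AppDomain $AppDomain
```

A result with Ok set to $false lists every failed check in Problems, so one run tells you whether to re-create the certificate (for example with -len 2048 on the makecert line) before continuing with the trust configuration.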

This generates the following...


You can see from the first line in the screenshot what you need to pass in to get this to work. If you look at the header in the script you'll see a list of all the parameters and sample values. The script also lets you specify the certificate to use rather than letting it create one for you.

Introducing the first installment to Critical Path Training's SharePoint 2013 Script Library. This is located in the Critical Path Training Members section of our site, specifically in the Code Samples section. A login is required, but it's free to set one up. The script PrepareS2SApp.ps1 does almost everything for you.
