Skip to content

Latest commit

 

History

History
63 lines (43 loc) · 3.17 KB

manage-custom-certificates.md

File metadata and controls

63 lines (43 loc) · 3.17 KB
Raw
title description author ms.topic ms.custom ms.date ms.subservice ms.author ms.reviewer contributors
Add custom certificates
When extending portals functionality using a client-side API call with OAuth 2.0 implicit grant flow, configure custom certificates for added security.
neerajnandwana-msft
conceptual
3/20/2023
nenandw
kkendrick
neerajnandwana-msft
nickdoelman
ProfessorKendrick

Manage custom certificates

When extending Power Pages functionality using a client-side API call with OAuth 2.0 implicit grant flow, it's best practice to use custom certificates to provide an additional level of security. You can upload you own custom certificates using the Power Platform admin center.

Important

You cannot re-use the same custom certificate to set up a custom host name. See SSL Certificates.

Add new certificate

  1. Open the Power Platform admin center.

    1. Under Resources choose Power Pages sites.

    2. Select the site where you want to manage custom certificates. Select Manage from the main menu.

    Or

    1. In the Environments section, select the environment that contains the site you want to manage custom certificates.

    2. In the Resources area, choose Power Pages sites.

    3. Select the site where you want to manage custom certificates. Select Manage from the main menu.

  2. On the site information page, in the Security section, select Custom Certificates.

    :::image type="content" source="media/manage-custom-certificate/manage-custom-certificate.png" alt-text="Manage custom certificates.":::

  3. Select + New to upload a new certificate.

  4. Select the upload button underneath File to select a .pfx certificate file. After selecting the file, enter the password for your SSL certificate in the Password field.

  5. Select OK to upload the certificate.

    [!NOTE] The SSL certificate must meet all of the following requirements:

    • Signed by a trusted certificate authority
    • Exported as a password-protected PFX file.
    • Contains private key at least 2048 bits long
    • Contains all intermediate certificates in the certificate chain
    • Must be SHA2 enabled; SHA1 support is being removed from popular browsers
    • PFX file must be encrypted with TripleDES encryption; Power Pages doesn't support AES-256 encryption
    • Contains an Extended Key Usage for server authentication (OID = 1.3.6.1.5.5.7.3.1).

    The steps to export SSL certificate as a password-protected PFX file may vary depending on your certificate provider. Check with your certificate provider for recommendation. For example, certain providers may suggest using an OpenSSL third-party tool from OpenSSL or OpenSSL Binaries sites.