diff --git a/doc/how-to-test-azure-ad-authentication.md b/doc/how-to-test-azure-ad-authentication.md
index 9a1d9b19..19b7848d 100644
--- a/doc/how-to-test-azure-ad-authentication.md
+++ b/doc/how-to-test-azure-ad-authentication.md
@@ -106,7 +106,10 @@ azureuser@azure-vm:~$ openssl req -x509 -nodes -newkey rsa:4096 -keyout client.k
                                     -subj "/C=US/ST=MA/L=Boston/O=Global Security/OU=IT Department/CN=AD-SP"
 azureuser@azure-vm:~$ openssl pkcs12 -export -out client.p12 -inkey client.key -in client.crt \
                                     -passout "pass:$(jq -r '.app_sp_client_secret.value' settings.json)"
-azureuser@azure-vm:~$ export APP_SP_CLIENT_CERT="$PWD/client.p12"
+azureuser@azure-vm:~$ openssl rsa -out client.pem -in client.key \
+                                    -passout "pass:$(jq -r '.app_sp_client_secret.value' settings.json)"
+azureuser@azure-vm:~$ cat client.crt >> client.pem
+azureuser@azure-vm:~$ export APP_SP_CLIENT_CERT="$PWD/client.pem"
 ```
 
 Use the Azure CLI to add the client certificate to the application service principal: