Certificate used while creating a Provider Hosted Application in SharePoint 2013

Sathish Nadarajan
Solution Architect
March 25, 2014

In the article, we saw the step-by-step approach to creating a provider hosted application. While creating the app from Visual Studio, we supply a certificate and an Issuer ID. I have thought of explaining this to the community for a long time, but we forgot and moved on to other areas. Now it's time to look into that.

I request the readers to have a look at the above-mentioned article to make sure that we are on the same track.

As a quick walkthrough: in step number 5, we need to provide a PFX file and an Issuer ID.


This Issuer ID will be added automatically to the web.config of our provider hosted application. The steps to create and make use of it are as follows.

1. Create a Self Signed Certificate from InetMgr. Please refer here.

2. Export the certificate and create the PFX with a password.

3. Now, we need to create the Issuer ID.

To create the Issuer ID, go to the Appregnew.aspx page. The full URL will be something like https://MyServer/sites/MySiteCollection/_layouts/15/Appregnew.aspx.


Once we give the Issuer ID, the web.config of the app will look like this:

 <add key="ClientSigningCertificatePath" value="C:\MyCertificate.pfx"/>
 <add key="ClientSigningCertificatePassword" value="****"/>
 <add key="IssuerId" value="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"/>

4. Register the Issuer ID to create a new Trusted Identity Token Issuer using the PowerShell script.

5. The following script will do that.

 # Registering an Issuer ID 1dfc02bc-ff74-4604-b295-b58860cba1f9
 Add-PSSnapin "Microsoft.SharePoint.PowerShell"
 # Issuer ID exactly as it appears in web.config (no leading or trailing spaces)
 $issuerID = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx"
 $targetSiteUrl = "https://MyWebApplication:3000/sites/DeveloperSite/"
 $targetSite = Get-SPSite $targetSiteUrl
 $realm = Get-SPAuthenticationRealm -ServiceContext $targetSite
 # The registered issuer name has the form <IssuerId>@<realm>
 $registeredIssuerName = $issuerID + '@' + $realm
 # Public part (.cer) of the same certificate that was exported as the PFX
 $publicCertificatePath = "C:\Certs\MyCert.cer"
 $publicCertificate = Get-PfxCertificate $publicCertificatePath
 Write-Host "Create Security token issuer"
 # -IsTrustBroker allows the same issuer certificate to be shared by more than one app
 $secureTokenIssuer = New-SPTrustedSecurityTokenIssuer -Name $issuerID -RegisteredIssuerName $registeredIssuerName -Certificate $publicCertificate -IsTrustBroker
 $secureTokenIssuer | select *
 $secureTokenIssuer | select * | Out-File -FilePath "SecureTokenIssuer.txt"
 # Turn off the HTTPS requirement for OAuth during development (development farms only)
 $serviceConfig = Get-SPSecurityTokenServiceConfig
 $serviceConfig.AllowOAuthOverHttp = $true
 # Persist the change; without Update() the setting is not saved
 $serviceConfig.Update()
 Write-Host "All done..."
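
The PFX referenced in web.config and the .cer registered with New-SPTrustedSecurityTokenIssuer must come from the same certificate, otherwise SharePoint will not trust the tokens the app signs. The following pre-flight check is an added example, not part of the original article; the function name Test-S2SCertificatePair and its parameters are hypothetical, and the two paths are the sample values used on this page.

```powershell
# Added example: check the certificate pair before registering the token issuer.
# Test-S2SCertificatePair is a hypothetical helper; paths are this page's sample values.
function Test-S2SCertificatePair {
    param(
        [Parameter(Mandatory = $true)][string]$PfxPath,
        [Parameter(Mandatory = $true)][System.Security.SecureString]$PfxPassword,
        [Parameter(Mandatory = $true)][string]$CerPath,
        [int]$WarnDays = 30
    )
    $certType = "System.Security.Cryptography.X509Certificates.X509Certificate2"
    $pfx = New-Object $certType($PfxPath, $PfxPassword)   # used by the app to sign tokens
    $cer = New-Object $certType($CerPath)                 # registered in SharePoint

    $problems = @()
    if (-not $pfx.HasPrivateKey) {
        $problems += "PFX contains no private key, so the app cannot sign tokens."
    }
    if ($pfx.Thumbprint -ne $cer.Thumbprint) {
        $problems += "Thumbprints differ: the .cer is not the public part of the PFX."
    }
    $now = Get-Date
    if ($pfx.NotBefore -gt $now) {
        $problems += "Certificate is not valid until $($pfx.NotBefore)."
    }
    if ($pfx.NotAfter -lt $now) {
        $problems += "Certificate expired on $($pfx.NotAfter)."
    }
    elseif ($pfx.NotAfter -lt $now.AddDays($WarnDays)) {
        $problems += "Certificate expires within $WarnDays days ($($pfx.NotAfter))."
    }

    # Return one object so the result can be logged or tested in a deployment script
    New-Object PSObject -Property @{
        Subject       = $pfx.Subject
        PfxThumbprint = $pfx.Thumbprint
        CerThumbprint = $cer.Thumbprint
        NotAfter      = $pfx.NotAfter
        Problems      = $problems
        Ok            = ($problems.Count -eq 0)
    }
}

# Prompt for the PFX password instead of hard-coding it in the script
$pfxPassword = Read-Host "PFX password" -AsSecureString
$result = Test-S2SCertificatePair -PfxPath "C:\MyCertificate.pfx" `
    -PfxPassword $pfxPassword -CerPath "C:\Certs\MyCert.cer"
$result | Format-List
if (-not $result.Ok) { Write-Warning "Fix the problems above before registering the issuer." }
```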

Happy Coding.

Sathish Nadarajan.
