Question

Does anyone know how to Connect-PnPOnline using Azure AD APP permissions and a self-signed certificate?

Steps:

  • Generated a self-signed certificate. Recorded the password
  • Registered an Azure App. Uploaded a certificate to the app
  • Granted App permissions to the app
  • Granted admin consent

Now, I am trying to connect-PnPOnline using the script below:

    $certificatePassword = 'CERTIFICATE_PASSWORD'
    $secureCertificatePass = ConvertTo-SecureString -String $certificatePassword -AsPlainText -Force

    Connect-PnPOnline `
        -CertificatePath "C:\...\DeploymentApp.pfx" `
        -Tenant <TENANT>.onmicrosoft.com `
        -ClientId fff6667e-1141-4bb5-ba3e-eaaf653975c6 `
        -Url https://<TENANT>.sharepoint.com `
        -CertificatePassword $secureCertificatePass `
        -IgnoreSslErrors

I'm getting an unhelpful error:

    Connect-PnPOnline : Exception has been thrown by the target of an invocation.
    At line:5 char:1
    + Connect-PnPOnline `
    + ~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [Connect-PnPOnline], TargetInvocationException
        + FullyQualifiedErrorId : System.Reflection.TargetInvocationException,SharePointPnP.PowerShell.Commands.Base.ConnectOnline

Using the latest PowerShell PnP Module: SharePointPnPPowerShellOnline 3.13.1909.0

Can someone recommend something, please?

Update

Found a related issue with no resolution yet.

Update

You can try to easily replicate my case:

  • Get these scripts on your local folder.
  • Install Azure CLI on Windows.
  • Right-click on Register_AD_App.bat and "run as administrator".
  • You will be prompted to enter an admin account for your Azure AD/Office 365.
  • At the end the app will be registered, consent granted to the SharePoint API permissions.
  • o365AppDetails.json file will be created that contains an auto-generated certificate password. You can use this password for the script for the -CertificatePassword param of the Connect-PnPOnline commandlet.

Update:

I managed to make it work using Thumbprint instead of the CertificatePath:

    Connect-PnPOnline -Thumbprint '637C2635E1E4478FB48A643B6EEB7F7C8920B7E4' -Tenant tenant.onmicrosoft.com -ClientId fff6667e-1141-4bb5-ba3e-eaaf653975c6 -Url https://tenant.sharepoint.com

But I'm still curious to know how to make CertificatePath work.

Solution

I managed to use -CertificatePath by referencing the .cer file instead of the .pfx.

In my case I am using the latest PnP 3.16.1912.0 but now get an error when trying to use the -Thumbprint . . . https://github.com/SharePoint/PnP-PowerShell/issues/2181.
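
A diagnostic sketch for the failure discussed in this thread, added here as an example and not code from the question or the answer: it opens the PFX with .NET before calling Connect-PnPOnline, then unwraps the TargetInvocationException to its innermost exception. The path, tenant and client ID values are placeholders, and Get-RootException is a hypothetical helper name.

```powershell
# Added example (not from the thread). Values marked as placeholders must be replaced.
$pfxPath  = 'C:\path\to\DeploymentApp.pfx'      # placeholder path
$tenant   = '<TENANT>.onmicrosoft.com'          # placeholder
$siteUrl  = 'https://<TENANT>.sharepoint.com'   # placeholder
$clientId = '<APP_CLIENT_ID>'                   # placeholder

# Prompt for the password rather than keeping it in the script as plain text.
$securePass = Read-Host -Prompt 'PFX password' -AsSecureString

# Hypothetical helper: walk the InnerException chain to the exception that
# actually caused the failure.
function Get-RootException([System.Exception] $Exception) {
    while ($Exception.InnerException) { $Exception = $Exception.InnerException }
    return $Exception
}

# 1. Open the PFX directly with .NET. A wrong password or an unreadable file fails
#    here with a specific exception, before PnP is involved at all.
try {
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfxPath, $securePass)
}
catch {
    $root = Get-RootException $_.Exception
    throw "Cannot open PFX: $($root.GetType().FullName): $($root.Message)"
}

# 2. Show what the file contains. The thumbprint should match the certificate
#    uploaded to the Azure AD app registration.
"Subject       : $($cert.Subject)"
"Thumbprint    : $($cert.Thumbprint)"
"HasPrivateKey : $($cert.HasPrivateKey)"
"NotAfter      : $($cert.NotAfter)"
if ($cert.NotAfter -lt (Get-Date)) { throw 'The certificate has expired.' }

# 3. Connect with the same parameters as in the question and, on failure, print the
#    root cause instead of the TargetInvocationException wrapper.
try {
    Connect-PnPOnline -CertificatePath $pfxPath -CertificatePassword $securePass `
        -Tenant $tenant -ClientId $clientId -Url $siteUrl -ErrorAction Stop
}
catch {
    $root = Get-RootException $_.Exception
    Write-Error "Connect-PnPOnline failed: $($root.GetType().FullName): $($root.Message)"
}
```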

Licensed under: CC-BY-SA with attribution