Downloading the Certificate from UDP and Uploading it to Azure

This section provides information about how to download the certificate from UDP and upload it to the Azure portal.

On the UDP console, while creating a new or existing Office 365 plan for Exchange Online or SharePoint or OneDrive, after selecting the Modern Authentication option, perform one of the following:

Method 1: To generate and download a new self-signed certificate for authentication, follow these steps:

1. To generate a new self signed certificate, select Generate and download a new self signed certificate.
2. Type and retype the certificate password as needed.
3. To download the certificate, click one of the following options:
• Public certificate - Download the certificate to upload it on the Azure portal.
• Private certificate - Download the certificate to save it on your computer for future use.
• Note: After you download the public certificate, the download option for the private certificate gets enabled.
4. Log into the Azure portal.
5. Search for App registrations in the search bar, and then select App registrations.
6. From the list of registered apps, click the application that is created previously in the Configuring an Application in the Azure Portal section.
7. Navigate to Certificates & Secrets, click Upload certificate, browse your existing certificate [.cer file], and then click Add.
8. On the left pane, select API permissions, and then click Grant Admin Consent for <tenant name>.
9. A confirmation message appears.
9. Click Yes.
10. On the UDP console, click Next to proceed for Node Registration.

Method 2: To authenticate using an existing certificate, follow these steps:

Notes:

• When the Use existing certificate option is selected, the user is expected to have their Certificate (.cer file) and Private Key Certificate (.PFX file with password) files, and these certificates can be self signed or signed by a Certifying Authority (CA).
• If the same certificate is used for multiple plan creations, it is enough to upload the certificate only once in the Azure portal.
• If you are using Internet Explorer (IE 11), it blocks to proceed further when you select the Use existing certificate option. To resolve this, see Configure Security Settings of Internet Explorer (IE 11).

1. Log into the Azure portal.
2. Search for App registrations in the search bar, and then select App registrations.
3. From the list of registered apps, click the application that is created previously in the Configuring an Application in the Azure Portal section.
4. Navigate to Certificates & Secrets, click Upload certificate, browse your existing certificate [.cer file], and then click Add.
5. On the left pane, select API permissions, and then click Grant Admin Consent for <tenant name>.
6. A confirmation message appears.
6. Click Yes.
7. Follow these steps from the UDP console:
1. Browse for the Private Key certificate [.PFX file] and enter the password.
2. Click Next to proceed for Node registration.