# Register Inforiver App with Certificate

Registering your application is essential for establishing a trust relationship between your application and the Microsoft identity platform. This guide instructs you to register your Inforiver application with a self-signed certificate. 

## Creating a Certificate 

To create a self-signed public certificate, please follow the official documentation [here.](https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-self-signed-certificate)

## Registering an application 

The first step in registering an application with the self-signed certificate is to register a new application in your Azure AD. 

1. Log in to your Azure Portal.
2. Click on **Manage Azure Active Directory** from the menu tab.
3. Click **App registrations** in the left sub-menu.
4. Click the **New registration** tab in the top menu bar as shown in the screenshot below. 

<figure><img src="https://4102771481-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Ftn9fmavAcyzaE7MAMP2U%2Fuploads%2FL3WpkLvQkkLfCLzD4wBB%2Fimage.png?alt=media&#x26;token=f672e5f0-ec8c-4f0f-8e22-d27c0735f730" alt=""><figcaption></figcaption></figure>

5. Enter an application name to be displayed to the users.
6. In the section 'Who can use this application', select **Accounts in this organizational directory only.**
7. You can skip the 'Redirect URI' section for now. We can provide this after getting the URL of the application.
8. Click **Register** to register the application.

<figure><img src="https://4102771481-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Ftn9fmavAcyzaE7MAMP2U%2Fuploads%2FR74a2OQJeFwYWf5pCJMr%2Fimage.png?alt=media&#x26;token=534ffff5-06f1-461f-ace6-f34f57cf5d7a" alt=""><figcaption></figcaption></figure>

9. Finally, upload your self-signed certificate to the certificate section, as described in the steps below.

* Select **Certificates & secrets > Certificates > Upload certificate**.
* Select the file you want to upload. It must be one of the following file types: *.cer*, *.pem,* or *.crt*.
* Select **Add**.

<figure><img src="https://4102771481-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Ftn9fmavAcyzaE7MAMP2U%2Fuploads%2FvwOp116DQ5r5H1kB194T%2Fimage.png?alt=media&#x26;token=ec28f050-1eb3-413d-a778-0be89bc5d55c" alt=""><figcaption></figcaption></figure>

* Use the following command to convert the encoding key in proper line format and apply the output in the env variables of the app service.

```sh
awk -v ORS='\\n' '1' test.pem | pbcopy
```

<figure><img src="https://4102771481-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Ftn9fmavAcyzaE7MAMP2U%2Fuploads%2FsDgOeQVaIWxPmN39Ep1s%2Fimage.png?alt=media&#x26;token=aa5c3247-2c35-4584-a4c1-da147718eff6" alt=""><figcaption><p>sample converted pem file</p></figcaption></figure>

## Environment variables settings

To make changes to your environment, go to your app service's **Environment variables** section.

1. In the Environment variables section, add the following envs:

* O365\_APP\_CERTIFICATE\_CREDENTIALS
* O365\_APP\_PRIVATE\_KEY
* O365\_APP\_CERTIFICATE\_THUMBPRINT

<figure><img src="https://4102771481-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Ftn9fmavAcyzaE7MAMP2U%2Fuploads%2FZQ6Qspuq2Gk1kJ7P2Kb4%2Fimage.png?alt=media&#x26;token=9d960c5f-6eab-41e3-aebc-2a7769632c76" alt=""><figcaption></figcaption></figure>

2. On **O365\_APP\_CERTIFICATE\_CREDENTIALS**, the value should be the self-signed certificate body. The values should be given as shown below.

<figure><img src="https://4102771481-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Ftn9fmavAcyzaE7MAMP2U%2Fuploads%2FcjPBIw3EZQoYDZigzAnP%2Fimage.png?alt=media&#x26;token=3665a586-811f-498c-95c0-6ecc4c3bf0d8" alt=""><figcaption></figcaption></figure>

<figure><img src="https://4102771481-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Ftn9fmavAcyzaE7MAMP2U%2Fuploads%2FBEuvnWFUH38TXoaTZwHn%2Fimage.png?alt=media&#x26;token=e2bab5b2-1292-4c46-a51f-21b67e6a748b" alt=""><figcaption></figcaption></figure>

3. The value for **O365\_APP\_PRIVATE\_KEY** should be the self-signed certificate's private key. The values should be given as shown below.

<figure><img src="https://4102771481-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Ftn9fmavAcyzaE7MAMP2U%2Fuploads%2F59frxs333R526z1SrbvC%2Fimage.png?alt=media&#x26;token=2971ff77-da24-41d9-a3a5-fd8d4b8fbadb" alt=""><figcaption></figcaption></figure>

<figure><img src="https://4102771481-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Ftn9fmavAcyzaE7MAMP2U%2Fuploads%2FIPY4QhcDjA3NcCA8Gxx7%2Fimage.png?alt=media&#x26;token=43c8e40d-8507-4f15-81ef-016296a5cab3" alt=""><figcaption></figcaption></figure>

4. The value for **O365\_APP\_CERTIFICATE\_THUMBPRINT** should be the thumbprint value of the self-signed certificate. This can be obtained from the Azure AD application - Certificate section.

Once all three environment variables have been added, save the settings, and the app service will restart to reflect the changes.

{% hint style="info" %}
If you use certificate and secrets at the same time, our application will prioritize and authenticate through certificate over secrets.
{% endhint %}

By following the above steps, you can run the Inforiver application registered with the certificate.

#### References:

1. Register app: <https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app>
2. Create self-signed certificate: <https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-self-signed-certificate>