Configure Certificate Authentication

Register and Configure the Azure Application

  1. Go to https://portal.azure.com/ and log in with Azure Global Admin user credentials.
  2. Click Azure Active Directory. Go to the desired directory.
  3. From the menu select App Registrations.


  4. New application registration: Click to register a new app.
  5. Name: Enter a name for your app.
  6. Application type: Ensure Web app/API is selected.


  7. Sign-on URL: Enter a URL of your choosing.
    1. (The URL is not used in the SharePoint Online Authorization mechanism, but is a required field for app registration).
  8. Within the app, go to Settings.


  9. Select API ACCESS > Required permissions.
    1. Click Add > Select an API.
    2. Select Office 365 SharePoint Online.


  10. Select Enable Access > APPLICATION PERMISSIONS:
    1. Click Read items in all site collections.


  11. Required Permissions > Grant Permissions: Click to grant the selected permissions.

Add the Certificate Information to the Azure App Registration

  1. Open the Azure app registration you created in the previous steps.
  2. Go to Certificates and secrets.
  3. Add your certificate.

Install the PFX Certificate on the Server where Smart Previews is Installed

  1. Run the Microsoft Management Console (MMC) as an Administrator.
  2. Add the Certificates Snap-in.
  3. Expand the tree to Trusted Root Certification Authorities.

  4. Use the Actions menu to import your PFX certificate.

Important: The user account running the Smart Previews application pool must have read access to the Trusted Root Certificate store on the local machine.

This user account cannot be Network Service.

Determine the Certificate Distinguished Name

  1. Run Microsoft Management Console (MMC) as an Administrator.
  2. Add the Certificates Snap-in.
  3. Locate the certificate in Trusted Root Certification Authorities and double-click the certificate name.
  4. From the pop-up window that appears, select Details.
  5. Locate and click on Subject.
  6. Identify in the text box below all the distinguished name components.
  7. Build the distinguished name based on all the components using the following rules:
    1. Remove the spaces around the equal sign ('=') in every component.
    2. If a component value (the part after the equal sign) contains special characters (a comma, for instance), put the value in double quotes ('"').
    3. Join all the components into a single string, separated by a comma (',') followed by a space (' ').

Example: this set of components
CN = contoso.com
OU = Contoso, Inc
C = US
should be transformed to the following string: 
CN=contoso.com, OU="Contoso, Inc", C=US
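
The three rules above can be applied with a short PowerShell function. This is an added example, not part of the product or its documentation. The function name ConvertTo-DistinguishedName and the set of characters treated as special are assumptions, because the page names only the comma.

```powershell
# Added example: builds the distinguished name string from the Subject
# components copied out of the certificate Details tab.
# ConvertTo-DistinguishedName is a hypothetical helper name.
function ConvertTo-DistinguishedName {
    param(
        # One component per line, as shown in the Subject text box.
        [string[]] $Component
    )

    # Assumption: characters that force quoting (the page names only the comma).
    $special = [char[]]',+;<>#=\'

    $parts = foreach ($line in $Component) {
        # Skip blank lines picked up when copying from the dialog.
        if ([string]::IsNullOrWhiteSpace($line)) { continue }

        # Split on the first '=' only, so an '=' inside a value is preserved.
        $idx = $line.IndexOf('=')
        if ($idx -lt 1) { throw "Not a 'TYPE = value' component: '$line'" }

        # Rule 1: no spaces around the equal sign.
        $type  = $line.Substring(0, $idx).Trim()
        $value = $line.Substring($idx + 1).Trim()

        # The page's rules do not say how to handle an embedded double quote,
        # so stop instead of guessing an escaping scheme.
        if ($value.Contains('"')) {
            throw "Value of $type contains a double quote; not covered by the rules above."
        }

        # Rule 2: put values with special characters in double quotes.
        if ($value.IndexOfAny($special) -ge 0) { $value = '"' + $value + '"' }

        "$type=$value"
    }

    # Rule 3: join with a comma followed by a space.
    $parts -join ', '
}

# Constructed sample input: the components from the example on this page.
$subject = @(
    'CN = contoso.com'
    'OU = Contoso, Inc'
    'C = US'
)
ConvertTo-DistinguishedName -Component $subject
```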