microsoft / Microsoft365DSC

Manages, configures, extracts and monitors Microsoft 365 tenant configurations
https://aka.ms/M365DSC
MIT License

Certificate thumbprint authentication fails requiring private key #2910

Closed AlwaysLearningTech closed 1 year ago

AlwaysLearningTech commented 1 year ago

Details of the scenario you tried and the problem that is occurring

Using a fresh VM, installed Microsoft365DSC module. Installed Az.Resources module. Ran Update-M365DSCDependencies and Uninstall-M365DSCOutdatedDependencies. Created AzureAD application and certificate using Update-M365DSCAzureAdApplication. Imported certificate to local machine store. Attempted to export using thumbprint but failed due to certificate not having a private key.

Verbose logs showing the problem

```
Exporting Microsoft 365 configuration for Components: IntuneAppConfigurationPolicy

Authentication methods specified:

Connect-MgGraph : The certificate certificate does not have a private key.
At C:\Program Files\WindowsPowerShell\Modules\MSCloudLoginAssistant\1.0.103\Workloads\MicrosoftGraph.psm1:78 char:21

Authentication needed, call Connect-MgGraph.
```

Suggested solution to the issue

N/A

The DSC configuration that is used to reproduce the issue (as detailed as possible)

```powershell
Update-M365DSCAzureAdApplication -ApplicationName 'M365DSC w/ Permissions Test4' `
    -Permissions @(
        @{Api='Graph';      PermissionName='AdministrativeUnit.Read.All'},
        @{Api='Graph';      PermissionName='Directory.Read.All'},
        @{Api='Graph';      PermissionName='RoleManagement.Read.Directory'},
        @{Api='Graph';      PermissionName='Member.Read.Hidden'},
        @{Api='Graph';      PermissionName='Policy.Read.All'},
        @{Api='Graph';      PermissionName='EntitlementManagement.Read.All'},
        @{Api='Graph';      PermissionName='EntitlementManagement.ReadWrite.All'},
        @{Api='Graph';      PermissionName='Group.Read.All'},
        @{Api='Graph';      PermissionName='User.Read.All'},
        @{Api='Graph';      PermissionName='Organization.Read.All'},
        @{Api='Graph';      PermissionName='DeviceManagementConfiguration.Read.All'},
        @{Api='Graph';      PermissionName='DeviceManagementApps.Read.All'},
        @{Api='Graph';      PermissionName='DeviceManagementManagedDevices.Read.All'},
        @{Api='Graph';      PermissionName='DeviceManagementConfiguration.ReadWrite.All'},
        @{Api='Graph';      PermissionName='DeviceManagementServiceConfig.Read.All'},
        @{Api='Graph';      PermissionName='DeviceManagementRBAC.Read.All'},
        @{Api='Graph';      PermissionName='DeviceManagementRBAC.ReadWrite.All'},
        @{Api='Graph';      PermissionName='DeviceManagementApps.ReadWrite.All'},
        @{Api='Graph';      PermissionName='ChannelSettings.Read.All'},
        @{Api='Graph';      PermissionName='Domain.Read.All'},
        @{Api='SharePoint'; PermissionName='Sites.FullControl.All'},
        @{Api='Exchange';   PermissionName='Exchange.ManageAsApp'}
    ) `
    -AdminConsent -Type Certificate -CreateSelfSignedCertificate `
    -CertificatePath c:\Temp\M365DSCPermissionsTest4.cer

Export-M365DSCConfiguration -Components @("IntuneAppConfigurationPolicy") `
    -ApplicationId $ApplicationId `
    -CertificateThumbprint $CertificateThumbprint `
    -TenantId $TenantId
```

The operating system the target node is running

```
OsName               : Microsoft Windows 10 Pro
OsOperatingSystemSKU : 48
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 19041.1.amd64fre.vb_release.191206-1406
OsLanguage           : en-US
OsMuiLanguages       : {en-US}
```

Version of the DSC module that was used ('dev' if using current dev branch)

Current

andikrueger commented 1 year ago

I just ran the cmdlets to create an AAD app and also to create a certificate. The exported certificate is only used to be uploaded to Azure. Therefore it does not contain any private key.


This is the certificate within the user's private cert store. You need to export the certificate manually with the private key in order to be able to use this certificate for authentication.

andikrueger commented 1 year ago

... or you do not change anything at all and just fill in the blanks with the outputs of Update-M365DSCAzureAdApplication and run the export with the certificate within your private store.


AlwaysLearningTech commented 1 year ago

Thank you for your assistance. I see you've replicated my steps and haven't reproduced the issue. I've done additional research, but I'm still not able to move forward. I believe I have some confusion around adding the certificate to the local store. I understand the certificate generated by the cmdlets is just for Azure, but where is the cert for the local machine? When I run the export right after generating the app I get an error that the cert is missing, and I don't see anything like the certificate in your picture with a private key.

andikrueger commented 1 year ago

Could you try to use the management console to have a look at your local (personal) certificate store?

NikCharlebois commented 1 year ago

Closing due to inactivity.

dhESUK commented 6 months ago

I also have this issue. Used the Update-M365DSCAzureAdApplication command to create the application in my target tenant and generate the self-signed certificate. Added the generated certificate to my local store, added the certificate thumbprint to my deployment script.

```
[[AADTenantDetails]AADTenantDetails] Getting configuration of AzureAD Tenant Details
ClientCertificateCredential authentication failed: The certificate certificate does not have a private key.
```

Am I missing something obvious?

andikrueger commented 6 months ago

Please export the certificate with the private key (.pfx file) and import it with the private key as well. This will resolve the issue.

dhESUK commented 6 months ago

> Please export the certificate with the private key (.pfx file) and import it with the private key as well. This will resolve the issue.

Hi Andi. Thank you for your prompt reply. The CreateSelfSignedCertificate switch doesn't generate a certificate with a private key. Therefore, there is no PK to import/export.

I don't think I've seen this issue previously, where I have managed to import into another tenant using cert authentication.

jonathanrsantos1 commented 2 months ago

I fixed the issue by importing the certificate to the Current User directory (not just the Local Machine).
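The common thread in the reports above is where the private key lives. The `.cer` written by `-CreateSelfSignedCertificate` carries only the public key (that is the file uploaded to the app registration), while the keypair itself stays in the personal store of the user who ran `Update-M365DSCAzureAdApplication`. Importing that `.cer` into `Cert:\LocalMachine\My` yields a certificate that matches the thumbprint but has no private key, which is exactly the `does not have a private key` error. The script below is an added example, not Microsoft365DSC or MSCloudLoginAssistant code: it looks the thumbprint up in both personal stores, reports `HasPrivateKey` for each, and, when only one store holds the key, copies it to the other through a password-protected PFX that is deleted afterwards. The thumbprint and PFX path are placeholders, and the script assumes the Windows PKI module (`Export-PfxCertificate`/`Import-PfxCertificate`) and an elevated session for writes to the machine store. One caveat the thread does not spell out: when a configuration is applied by the LCM (`Start-DscConfiguration`) it runs as Local System, whose `CurrentUser` store is not yours, so for that path the private key must be present in `Cert:\LocalMachine\My`.

```powershell
# Added example (not project code): diagnose and fix "certificate does not have a private key"
# for a certificate referenced by thumbprint. Checks CurrentUser\My and LocalMachine\My.
# Run elevated if the key has to be imported into LocalMachine\My.
param(
    # Placeholder: use the thumbprint printed by Update-M365DSCAzureAdApplication.
    [Parameter(Mandatory)] [string] $Thumbprint,
    # Placeholder path for the temporary PFX used to move the key between stores.
    [string] $PfxPath = (Join-Path $env:TEMP 'M365DSC-keytransfer.pfx')
)

# Normalise: strip spaces/colons that copy-paste from certmgr often leaves in.
$Thumbprint = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
$stores = 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My'

# One result row per store: is the cert there, and does this store hold its private key?
$findings = foreach ($store in $stores) {
    $cert = Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $Thumbprint }
    [pscustomobject]@{
        Store         = $store
        Present       = [bool]$cert
        HasPrivateKey = [bool]($cert -and $cert.HasPrivateKey)
        Certificate   = $cert
    }
}
$findings | Format-Table Store, Present, HasPrivateKey -AutoSize

$withKey    = $findings | Where-Object HasPrivateKey
$withoutKey = $findings | Where-Object { -not $_.HasPrivateKey }

if (-not $withKey) {
    # A .cer import can never fix this: the file never contained the key.
    throw ("No copy of $Thumbprint with a private key was found in CurrentUser\My or LocalMachine\My. " +
           "You need the original keypair (the personal store of the account that generated it) or a .pfx export.")
}

if ($withoutKey) {
    $source   = $withKey | Select-Object -First 1
    $password = Read-Host -AsSecureString -Prompt 'PFX password (protects the key only during this transfer)'

    # Fails if the key was generated as non-exportable; in that case regenerate the certificate.
    Export-PfxCertificate -Cert $source.Certificate -FilePath $PfxPath -Password $password | Out-Null
    try {
        foreach ($target in $withoutKey) {
            # Import without -Exportable: the DSC host only needs to *use* the key, not re-export it.
            # If the public-only cert is already in the target store, Windows attaches the key to it.
            Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation $target.Store -Password $password | Out-Null
            Write-Host "Imported $Thumbprint with its private key into $($target.Store)"
        }
    }
    finally {
        # The PFX holds the private key; never leave it on disk.
        Remove-Item -Path $PfxPath -Force -ErrorAction SilentlyContinue
    }
}
```

Run it as `.\Check-M365DSCCert.ps1 -Thumbprint <thumbprint>` (file name is illustrative). A row showing `Present = True` and `HasPrivateKey = False` in `LocalMachine\My` alongside `HasPrivateKey = True` in `CurrentUser\My` is the situation described in this thread; after the import, `Export-M365DSCConfiguration` and the LCM both find a usable key. If `HasPrivateKey` is `False` everywhere, the keypair is on a different machine or under a different account, and the only options are a PFX export from there or regenerating the certificate and re-uploading the new public key to the app registration.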