Description
Veritas Alta Archiving uses modern app authentication to connect to Exchange Online for user synchronization or folder synchronization.
There are two methods to generate a self-signed cert, for app authentication, documented here by Microsoft (step 3).
- New-SelfSignedCertificate, Export-Certificate and Export-PfxCertificate cmdlets
- Create-SelfSignedCertificate.ps1 from the ExchangeOnlineManagement powershell module
If the Create-SelfSignedCertificate.ps1 script is used, it will create the certificate using the SHA-1 hash algorithm. If there is a requirement to use SHA-2, the first method can be used, but the example given by Microsoft will not work with Veritas Alta Archiving as-is. It will work if the New-SelfSignedCertificate cmdlet's -CertStoreLocation parameter is set with a location under LocalMachine instead of CurrentUser. This method allows greater flexibility as there are more options for generating the certificate, including specifying the hash algorithm.
For example, to create a SHA-2 certificate, the following commands can be used (be sure to run powershell As Administrator).
$mycert = New-SelfSignedCertificate -DnsName "example.com" -CertStoreLocation "cert:\LocalMachine\My" -NotAfter (Get-Date).AddYears(2) -KeySpec KeyExchange -HashAlgorithm sha256
$mycert | Export-Certificate -FilePath mycert.cer
$mycert | Export-PfxCertificate -FilePath mycert.pfx -Password (ConvertTo-SecureString -String "MyCertPassword" -AsPlainText -Force)
The above commands will export the .pfx and .cer files to the current working directory, but it also stores it in the local machine's certificate store, which is not needed To remove it, run:
$mycert | Remove-Item
The generated .cer file should be uploaded to Azure AD for the registered application used for Veritas Alta Archiving. The .pfx file should then uploaded to Veritas Alta Archiving.
Note: In the above example the pfx password is set to MyCertPassword. This should be set to to a different, secure password.
Related Knowledge Base Articles
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.