Articles in this section

See more

Configure certificates

Updated
Follow

About this article

TLS X.509 cryptographic certificates are used to encrypt and secure the communication channels between the Templafy Email Signature Server and Exchange Online server over SMTP and Exchange Web Services.

These certificates may be self-signed or issued by a Certificate Authority and packaged in a PKCS #12 archive file.

Objectives

  • Generate the self-signed certificates in PKCS #12 archives
  • Generate key credentials to set in the Manifest of the EWS App registration
  • Files the PowerShell script will generate: 
    azureAppRegistrationCertificate.pfx
azureAppRegistrationCertificatePassword
smtpTlsCertificate.pfx
smtpTlsCertificatePassword
keyCredentials.txt

 

Prerequisites

 
  • PowerShell script

     

  • We recommend using a CA Certificate. A CA Certificate allows you to match to a specific subject name, and Office 365 will not trust destination servers with a Self-signed certificate or a trusted one with a different subject name. By using Self-signed certificates, it should be known that they cannot be invalidated or revoked over time, and they can be "lost" as they are not managed by a public key infrastructure (PKI).

 

Generate the password protected self-signed Certificates

  • Start PowerShell as an Administrator
  • You might need to run Set-ExecutionPolicy Bypass to allow to execute our script
  • Create and navigate to a folder where the Certificate will be stored, then run the PowerShell script
  • A strong password securing the certificates will be generated automatically by the PowerShell script

 

Optional: Provide certificate password

  • If you would like to provide the strong password, add a -PromptForPasswordswitch to the script invocation.
  • > .\generateAndExportSelfSignedCertificateAndKeyCredentials.ps1 -PromptForPassword
     
     
    • Provide a unique password that uses special characters, mixed case, and numbers that is at minimum 15 characters in length.

 

Optional: Provide a pre-generated CA issued certificate in PKCS #12 archive format

  • If you would like to provide a pre-generated certificate, or Certificate Authority issued certificates, add a -CertificatePath <path-to-pfx-archive-file> switch to the script invocation.
  • > .\generateAndExportSelfSignedCertificateAndKeyCredentials.ps1 -CertificatePath <path-to-pfx-archive-file>
  • The five files listed above will be generated as output based on the provided certificate
     
     
    • The provided file must be a certificate packaged in the PKCS #12  (.pfx) archive format.

 

Next steps

 

Related articles

Comments

0 comments

Article is closed for comments.