We need to create an Azure Application registration for an application which is only being run internally. The requirements are that it uses certificate authentication and we can't use Self Signed.
I have been referring the the document below for the app registration:
[https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal][1]
My question is should we use a certificate purchased from an external CA or one issued by the company's pki? If the internal option what kind of certificate should be issued and how do we go about issuing it.
I am not overly familiar with issuing certificates from the internal CA, but I have access to the certificate templates and one of the issuing servers. If someone could point me in the right direction to some instructions then that would be good as I have been looking online and not quite getting it.
Best Answer
The choice of what certificate to use is really up to you, you just need to ensure you keep it safe. Given that this certificate is solely used for authentication, and not for providing https then there is not a requirement to use a cert from an external CA, but you can if you want. A cert from an internal CA will work just as well, so long as you can get this certificate installed on the machines that need to use your service principal.