Follow the steps below to create a certificate for your Entra ID app registration, which is required for backing up Teams Chats data.
- For Windows Users: Use our PowerShell script to generate a certificate and key. Download the script here. Follow the instructions below to run the script.
- For Mac Users: We recommend using OpenSSL to generate a certificate and key. Detailed instructions are provided below.
- If you are creating your own certificate, ensure the following configuration:
- Certificate Format: x509
- Hash Algorithm: SHA-256
- Encryption Algorithm: RSA 2048
Windows Users
Before you get started, download the latest version of the script from the Keepit Support Site: PowerShell Script for Entra ID App Registration.
Save the script locally (e.g., C:\Users\YourUserName\Documents\Multiapp).
Important: Ensure the script is saved locally and not to a cloud service like OneDrive, as this may cause issues.
After downloading the script, rename the file extension to .ps1to make it a PowerShell script.
Follow these steps to generate a certificate with PowerShell:
- Right-click the PowerShell icon and select Run as Administrator.
- Run the following command to allow PowerShell scripts to execute on your PC:
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
Note: If you close PowerShell, you will need to run this command again to enable script execution. - Run the following command (ensure it matches the location where your script is saved):
cd C:\Users\(Your user name)\Documents\Multiapp - Run the command:
./generate-self-signed-cert.ps1 - In the PubKeyFileName field, enter a name (e.g., Public) and press Enter.
- In the PrivKeyFileName field, enter a name (e.g., Private) and press Enter.
- Enter a name for the certificate file, followed by the appropriate extension. It can be .cer, .crt, or .pem.
- Enter the following information when prompted:
Country Name (2 letter code) [AU]:
State or province name (full name) [Some-State]:
Locality Name (eg, city):
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organization Unit Name (eg, section) [Engineering]:
Common Name (e.g. server FQDN or YOUR name) [foo.org]:
Email address [[email protected]]:
Note: Ensure the email address entered is linked to your tenant, such as a service account. - Press Enter after providing the information.
The certificate will be generated and saved in the directory where the script is located.
Mac Users
If you are using a Mac, follow these steps using OpenSSL to generate a certificate:
- Generate a self-signed certificate (x509 with rsa 2048 valid for the 2 years) by running the following command:
openssl req -x509 -sha256 -days 730 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt
This will generate two files: privateKey.key and certificate.crt - Upload the certificate.crt in the Certificates & secrets section for the target Application Registration in the Entra ID admin center.
- Remove the passphrase from certificate key by running the following command:
openssl rsa -in privateKey.key -out privateKeyWoPass.key - Use certificate.crt and privateKeyWoPass.key to configure your custom Teams app in Keepit.