Public Certificate Creation using win-acme (Optional)

in order to authenticate using a certificate, both a public and a private key are required the following steps outline how to generate a keystore on the server using win acme and later use keystore explorer to manage the public and private keys this step is optional if the client already has a trusted certificate issued by a recognized certificate authority (ca) download win acme from official website ( https //www win acme com/ https //www win acme com/ ) the downloaded file should be in zip format hence, extract the contents of the file and place them in the middleware server, e g , c /wacs now open command prompt as administrator and navigate to folder location c \wacs execute wacs exe choose "m" from menu type 2 to manually entered all the domain now provide dsn name you can enter multiple seprated by , the next prompt will ask for the friendly name of the generated certificate enter suitable name type 4 to generate a single certificate type 2 for "serve verification files from memory" type 2 for rsa key type 3 to generate pfx archive next provide desired folder path where pfx file will be saved next 1 to not associate a password or 2 to protect pfx with password here i will choose 1 now select 5 for no additional store steps type 3 for no addtional installation steps now it will run generate pfx file in desired location press q to quit now, the pfx file has been generated it is time to extract the public and private keys from it to achieve this, we will use a tool called 'keystore explorer' it can be downloaded from this link ( https //keystore explorer org/downloads html https //keystore explorer org/downloads html ) once downloaded, install it with the default settings open keystore explorer drag and drop the newly generated pfx file onto the keystore explorer window, or choose to open an existing keystore enter the password if provided at the time of pfx creation; otherwise, press enter or click ok you should be able to see the certificate chain details with the dns name right click on the certificate chain, select 'export' → 'export private key' to export the private key for the password, enter the password you provided earlier, or press enter or click ok select 'pcs#8' for the private key export type and click ok next, it will provide an option to encrypt and specify the export file location for this, we will use an unencrypted private key uncheck 'encrypt ' in the 'export file' field, change the folder location and file name click 'export,' and a success message should appear now, generate the public certificate by right clicking, selecting 'export' → 'export certificate chain ' next, select 'entire chain' in the export length, 'x 509' in the export format, and change the folder location and file name in the 'export file' field click on 'export,' and a success message should appear now, go to the folder location, and there should be two files exported the pem file represents the private key, and the cer file is the public certificate the next step is to place those files under the config folder of the middleware installation and modify the init file 'sharepoint cert privatekey path' to the private key path 'sharepoint cert publickey path' to the public certificate path 'sharepoint cert privatekey encrypted' to 'yes' or 'no' if the private key is encrypted 'sharepoint cert privatekey password' to the decrypted private key password via the encryption utility for more details, please refer to the 'sharepoint m365 endpoint' section "