sharepoint online – Connect-PnPOnline with the help of ClientId and a self-signed certificate

Does anyone know how Connect-PnPOnline Using Azure AD APP permissions and a self-signed certificate?


  • Generated a self-signed certificate. Registered password
  • Registered an Azure application. Downloaded a certificate on the application
  • Application permissions granted to the application
  • Agreement of the administrator

enter the description of the image here

Now, I'm trying to connect-PnPOnline using the script below:

    $certificatePassword = 'CERTIFICATE_PASSWORD'
    $secureCertificatePass = ConvertTo-SecureString -String $certificatePassword -AsPlainText -Force

    Connect-PnPOnline `
        -CertificatePath "C:...DeploymentApp.pfx" `
        -Tenant `
        -ClientId fff6667e-1141-4bb5-ba3e-eaaf653975c6 `
        -Url `
        -CertificatePassword $secureCertificatePass `

I receive a useless error:

Connect-PnPOnline: an exception was issued by the target of a
invocation. On line: 5 characters: 1
+ Connect-PnPOnline `
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo: NotSpecified: (:) (Connect-PnPOnline), TargetInvocationException
+ FullyQualifiedErrorId: System.Reflection.TargetInvocationException, SharePointPnP.PowerShell.Commands.Base.ConnectOnline

Using the latest PowerShell PnP module: SharePointPnPPowerShellOnline 3.13.1909.0

Can any one recommend anything, please?


Found problem related with no resolution yet.


You can try to easily reproduce my case:

  • Get these scripts on your local folder.
  • Install Azure CLI on Windows.
  • Right-click Register_AD_App.bat and "Run As Administrator".
  • You will be prompted to enter an administrator account for your Azure AD / Office 365.
  • In the end, the application will be saved, consent being granted to the permissions of the SharePoint API.
  • The o365AppDetails.json file containing an automatically generated certificate password will be created. You can use this password for the script of the -CertificatePassword param of the Connect-PnPOnline commandlet.

enter the description of the image here

ubuntu – Certificate failure for self-signed certificate: / when creating a new mail in Rukovoditel 2.5.1

I installed a new Rukovoditel 2.5.1 and after setting up the email account, I found the error in the subject.
Below the configuration details for e-mail:
Receipt of mail
Mail server: mail.domain: 993 / imap / ssl
Password: The password

Mail sending
Use SMTP: No
SMTP server:
SMTP Port: 465
SMTP Encryption: ssl (next to the field, an index "tcp / udp / unix / udg / ssl / tls / tlsv1.0 / tlsv1.1 / tlsv1.2")
SMTP connection:
SMTP password: the password

And this is the output for> dpkg -l | grep -i openssl

root @ server: / home / name # dpkg -l | grep -i openssl
ii libcurl3: amd64 7.47.0-1ubuntu2.13 amd64, easy-to-use client-side URL transfer library (OpenSSL style)
ii libgnutls-openssl27: GNU TLS Library amd64 3.4.10-4ubuntu1.5 – OpenSSL wrapper
ii libxmlsec1-openssl 1.2.20-2ubuntu4 amd64 Openssl Engine for the XML Security Library
ii openssl 1.0.2g-1ubuntu4.15 toolkit Secure Sockets Layer amd64 – encryption utility
ii python-openssl 17.3.0-1 ~ 0 + ubuntu16.04.1 + certbot + 1 all the Python 2 wrapper around the OpenSSL library
ii python3-ndg-httpsclient 0.4.2-1 + certbot ~ xenial + 1 improved HTTPS support for httplib and urllib2 using PyOpenSSL for Python3
ii python3-openssl 17.3.0-1 ~ 0 + ubuntu16.04.1 + certbot + 1 all the Python 3 wrapper around the OpenSSL library
ii ssl-cert 1.0.37 any simple debconf wrapper for OpenSSL
You have a new mail in / var / mail / root

1- Is OpenSL installed or not?
2- Do I have to install openSSL on my server to use the mail server certificate?

linux – Failed to inject git into a self-signed instance of gitlab with the following message: "Unable to load PEM client certificate …. no such file or directory"

I am aware of the existence of this answer, but the answers are not correct. did not work for me.

My configuration

I have a local PFsense firewall in which I created a self-signed root CA, a certification sub-CA signed by the root CA, and a signed gitlab certificate by a sub-certification authority.

On the local gitlab host, a nginx server acting as a reverse proxy is responsible for terminating the ssl connection with clients. It is configured with the certificate and key and works as expected when I https: // to the gitlab instance with my browser.

Again on the gitlab host, I have a repository with commits that I have to push on the gitlab instance on the same host. In the repository The current status of the settings and the current error are as follows:

git config http.sslCAInfo /home/volt/volt-root-ca.crt

ls -al /home/volt/volt-root-ca.crt
-rw-r--r-- 1 volt volt 1428 Jul 25 07:22 /home/volt/volt-root-ca.crt

git push --set-upstream origin master
fatal: unable to access 'https://gitlab.homenetwork/volt/voltT.git/': could not load PEM client certificate, OpenSSL error error:02001002:system library:fopen:No such file or directory, (no key found, wrong pass phrase, or wrong file format?)


I can not post my attempts, it is constantly reported as spam.

Do you have any ideas on how I could continue to debug this?

How to trust a self-signed certificate

According to Why are self-signed certificates not reliable and is there a way to trust them ?, To approve a self-signed certificate, we need to import the root certificate into the trusted browser datastore . Does this mean that I have to distribute to my clients a file, and is it the * .crt file, the * .csr file or the * .key file? What instructions should they follow to import this certificate correctly?

ssl – How to use a self-signed certificate for Visual Studio and IIS Express

I have a site that needs to be accessible via SSL. I use Visual Studio and everything is automatically configured to access the site during development with the help of https: // localhost: port.

Now I have to access the site using the local IP address (, but it does not work. I've used several guides to do it. I have spent several hours, but every time I try to access the site using, a security error is displayed.

Is it possible or not? After many attempts, I wonder if this is really possible in IIS Express.

I love

Authentication – Cross-Signature of Two Self-Signed Root Certification Authorities

I have two self-signed root certification authorities that have been used for separate clusters (say clusters A and B). Both certification authorities are used to sign application certificates in their respective cluster.

However, one of the cluster A applications must access another cluster B application that requires client certificate authentication. The Cluster B application can be configured to trust a certificate authority certificate, which by default is a cluster B root CA.

My initial idea is to have an intermediate cross-certificate authority that will be trusted by the application inside cluster B. This intermediate certification authority will be signed using the root CA of cluster A and the Cluster Root Certification Authority B. Is there a way to do this? he ? Will the application accept the cluster A certificate that is signed only by the cluster A root CA?

tls – What are the differences between checking a self-signed certificate and ignoring it?

If you ignore the certificate verification, anyone who can get the middle position (with the ability to change the traffic) between you and the other system can read / edit the plain text traffic. An attacker will simply break the TLS / SSL tunnel by starting his own TLS server with his self-signed certificate, routing it to you, decrypting it and issuing it on the real server. There are many tools that make this attack quite easy, for example mitmproxy for HTTPS or stunnel in general for TLS / SSL.

An attack can enter the center man's position in different ways. It is therefore difficult to completely exclude an attacker from having any way of winning this position, even if you are a network security expert.

If there is no way to replace the self-signed certificate with a publicly signed certificate, you can manually approve the self-signed certificate by adding it to a Java keystore at the same time. help from key tool and trust this store. This is sometimes called certificate or public key pinning

Certificates – The self-signed signatures I've created for localhost are unreliable, even though I've already imported them into Chrome.

Certificate - Other name of the missing subject
The certificate of this site does not contain any object. Other name
extension containing a domain name or IP address.

This average:

  • the CN does not match Server name
  • And the X509v3 Subject Other name not too much field.
Certificate - missing
A valid trust certificate is missing from this site (net :: ERR_CERT_AUTHORITY_INVALID).

This average:

The server could not be trusted because no valid certificate was provided …
Ok, that would be solved when the first mistake would be resolved!

Think of the means (IP address or DNS name) to connect your server:


https: // $ NOMHOTE /

You can create a certificate with

  • CN = 228.929.123.46 and add DNS.1 = DNS.2 = $ NAME DNS.3 = DNS.4 = DNS.
  • CN = and add DNS.1 = DNS.2 = $ NAME DNS.3 = 228.929.123.46 DNS.4 = DNS.

But if you're on the Internet, you'd better delete the invalid host names, localnet (192.168.x.x) and localip (127.x.x.x)!

  • CN = 228.929.123.46 and add DNS.1 = DNS.2 = Other

And use only the DNS address or the public IP address to reach your server!

Take a look there,

So to see how to do that …

windows – Why the free software is not signed with self-signed certificates?

Signing with a self-signed certificate provides no value for the usual Windows user.
The signature is not valid from a Windows point of view.
The signer's name does not appear in the elevation prompt. People who would be able to verify such a signature are also able to check for example a GPG signature that is more common in the open source community.

Signing with a certificate considered valid in Windows makes sense. The name of the developer is shown in the elevation prompt, at least. But these certificates cost money, even if there are inexpensive options for open source developers.

In addition to the cost, certificates (not self-signed) must contain the name of the certificate owner. Some people would not want this advertisement. In addition, this could be considered a liability for software defects, which many people providing open source code without profit do not want!

.Net WebClient – self-signed certificate

I have two applications (.net) on two web servers.
The first application will have to make a request (via WebClient) to the second and get results.

I need to provide encryption, data integrity and authentication.

Let's say I create a self-signed certificate. I link it to the 2nd application and also add it to the certificate store of my first application (and also add it to my web client).

Will it be enough (security)?