Skip to content

Allow to call Register-PnPEntraIDApp with a certificate without private key #5134

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: dev
Choose a base branch
from
Open

Allow to call Register-PnPEntraIDApp with a certificate without private key #5134

wants to merge 1 commit into from
+0 −6

Conversation

@jackpoz
Copy link
Contributor

@jackpoz jackpoz commented Oct 25, 2025

Type

  • Bug Fix
  • New Feature
  • Sample

Related Issues?

Fixes #5129

What is in this Pull Request ?

Allow to call Register-PnPEntraIDApp with a certificate without private key, so .cer instead of .pfx .
The private key is not needed when uploading a certificate to an app registration in Entra ID.

Here's the behavior with the PR:
image

The app registration works fine, see below a test case (notice how the pfx is used in this case with Connect-PnPOnline) :
image
@jackpoz jackpoz mentioned this pull request Oct 25, 2025
Open
Copilot AI reviewed Oct 29, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR removes the private key validation check when using an existing certificate with the Register-PnPAzureADApp cmdlet. The removed code ensured that certificates provided via the -CertificatePath parameter contain a private key before proceeding with app registration.

  • Removes the HasPrivateKey validation check for certificates loaded from a file path
  • Eliminates the associated error message that would inform users when their certificate lacks a private key
src/Commands/AzureAD/RegisterAzureADApp.cs
}
catch (CryptographicException e) when (e.Message.Contains("The specified password is not correct"))
{
throw new PSArgumentNullException(nameof(CertificatePassword), $"Failed to import private key certificate. Ensure the correct password is provided for parameter: {nameof(CertificatePassword)}");
Copy link

Copilot AI Oct 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The error message states 'Failed to import private key certificate' but uses PSArgumentNullException, which is semantically incorrect as this is not about a null argument but rather an incorrect password. Consider using PSArgumentException instead to better reflect the actual error condition. Note: This issue exists in the current code and is not introduced by this PR, but since the surrounding code is being modified, it would be appropriate to fix this as well.

Suggested change
throw new PSArgumentNullException(nameof(CertificatePassword), $"Failed to import private key certificate. Ensure the correct password is provided for parameter: {nameof(CertificatePassword)}");
throw new PSArgumentException($"Failed to import private key certificate. Ensure the correct password is provided for parameter: {nameof(CertificatePassword)}", nameof(CertificatePassword));
Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

1 participant

@jackpoz