Rory Braybrook
Feb 6 · 2 min read

There’s a good article here.

First off, you need a self-signed certificate for testing. I wrote this up. I generally use the Pluralsight utility to generate a .pfx file. Remember the password you have to enter.

Then upload the certificate, change the technical profile and upload the new policy as per the above article.

I was testing to a 3rd party API so I didn’t actually create my own web API.

The problem is that it didn’t work and the B2C errors were sparse.

Enter Postman.

Note that this only works on the Postman application not the Chrome app. version that is due to be deprecated.

As you can see from the article, you need a CRT file and a KEY file not a .pfx file.

To generate these, use OpenSSL. You can get a Windows version from Shining Light.

The commands are:

openssl pkcs12 -in c:\…\B2C.pfx -nocerts -out c:\…\b2c.key
Enter Import Password:
Enter PEM pass phrase:
Verifying — Enter PEM pass phrase:

Here you have to enter the pfx password and then choose a passphrase and verify it. The output is b2c.key.

openssl pkcs12 -in c:\…\B2C.pfx -clcerts -nokeys -out c:\….\b2c.crt
Enter Import Password:

Here you have to enter the pfx password. The output is b2c.crt.

You now have everything you need:

The host URL is the address of the API e.g.

apidev.azure-api.net

When a call is made to this API, Postman will add the certificate.

Note that this connection must be via https.

To confirm this, use the console (Ctl-Alt-C).

https://apidev.azure-api.net/someapi

Client Certificate:

keyPath: “C:\…\b2c.key”

pemPath: “C:\…\b2c.crt”

You now have a way to test the back-end API with certificate authentication (using the same certificate) outside of B2C.

In my experience, if this works, so will B2C.

All good!

The new control plane

“Identity is the new control plane”. Articles around Microsoft Identity, Auth0 and identityserver. Click the “Archive” link at the bottom for more posts.

Rory Braybrook

Written by

NZ Microsoft Identity dude. Microsoft MVP. Azure AD/B2C/ADFS. Plus Auth0/identityserver. N. Shore .NET UG Admin. Presentations: http://bit.ly/334ZPt5

The new control plane

“Identity is the new control plane”. Articles around Microsoft Identity, Auth0 and identityserver. Click the “Archive” link at the bottom for more posts.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade