M365: Resolving error – The private key is not present in the X.509 certificate

Hi All,

LIFE IS BEAUTIFUL 🙂 I hope we all are safe 🙂 STAY SAFE, STAY HEALTHY,  STAY HOME 🙂

Background: In one of our background jobs for Teams governance, we were using the Microsoft Graph APIs. To call the Microsoft Graph APIs we need an access token, and to get the access token we were using an Azure app and an X.509 certificate.

We used the PowerShell cmdlet “New-SelfSignedCertificate” to create a self-signed certificate and stored it in the local machine certificate store. Following is the sample code:

# Create the self-signed certificate in the Local Machine store and keep the returned object
$certificate = New-SelfSignedCertificate -DnsName "knowledgejunction1.sharepoint.com" -CertStoreLocation "cert:\LocalMachine\My" -NotAfter (Get-Date).AddYears(20) -KeyExportPolicy Exportable -KeySpec Signature

$certificatePath = 'cert:\LocalMachine\My\' + $certificate.Thumbprint

# $password holds the password that will protect the exported .pfx
$securePassword = ConvertTo-SecureString -String $password -Force -AsPlainText

# .cer contains only the public certificate; .pfx also contains the private key
Export-Certificate -Cert $certificatePath -FilePath ('C:\Cert\mycert' + '.cer')
Export-PfxCertificate -Cert $certificatePath -FilePath ('C:\Cert\mycert' + '.pfx') -Password $securePassword

In this way the certificate is ready on the local file system to use 🙂

Following is the sample code to get the access token using the Azure app ID and the certificate:

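// Requires: using System.Security.Cryptography.X509Certificates;
//           using Microsoft.IdentityModel.Clients.ActiveDirectory;

// Load the certificate from disk; MachineKeySet keeps its keys in the machine key store
X509Certificate2 _azureAppCertificate = new X509Certificate2("certificate path", "certificatepassword", X509KeyStorageFlags.MachineKeySet);

// Client credential built from the Azure app ID and the certificate
var cac = new ClientAssertionCertificate(Azu_AppId, _azureAppCertificate);

AuthenticationContext auth = new AuthenticationContext(authority);

// Signing the client assertion needs the certificate's private key
var authenticationResult = await auth.AcquireTokenAsync(resource, cac);

var accessToken = authenticationResult.AccessToken;

return accessToken;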

Here we are getting an exception on the line

var authenticationResult = await auth.AcquireTokenAsync(resource, cac);

Exception : The private key is not present in the X.509 certificate

Fig : M365 – Calling Graph APIs – Retrieving Access Token – The private key is not present in the X.509 certificate error

Solution: The private key is missing from the certificate. To make the private key available, we need to manually import the .pfx file in MMC Certificates.

Following are the detailed steps to import the certificate and make the private key available:

Step 1 : Open the MMC => in Run dialog type “MMC”. This will open the MMC.

Step 2: Go to File and then Add/Remove Snap-in… as shown in the Fig below. We need to add the “Certificates” snap-in.

Fig : MMC >> Add/Remove Snap-in… – Adding “Certificates” snap-in

Step 3: The “Add or Remove Snap-ins” dialog will open as shown in the Fig below. From the available snap-ins, select “Certificates”.

Fig : MMC >> Add/Remove Snap-in… – Adding “Certificates” snap-in from available snap-ins

Once we have added the “Certificates” snap-in, it will look as shown in the Fig below.

Fig: MMC >> Add/Remove Snap-in… – Added “Certificates” snap-in

Step 4: Import our certificate => To import our newly created certificate, right-click on “Certificates” and then choose “All Tasks >> Import…” as shown in the Fig below.

Fig: MMC >> Importing certificate to Certificates snap-in

Step 5: On click of “Import…“, the “Certificates snap-in” dialog will appear as shown in the Fig below. Select the “Computer account” option.

Fig: MMC >> Importing certificate to Certificates snap-in >> Selecting the account for which certificate is managed

Fig: MMC >> Importing certificate to Certificates snap-in >> Select Computer option

Step 6: On click of “Finish“, the “Certificate Import Wizard” dialog will appear as shown in the Fig below. Keep the “Local Machine” option selected and click on the “Next” button.

Fig: MMC >> Importing certificate to Certificates snap-in >> Certificate Import Wizard >> Store Location

Step 7: In the “Certificate Import Wizard” dialog, select the .pfx file which we need to import.

Fig: MMC >> Importing certificate to Certificates snap-in >> Certificate Import Wizard >> File to Import – Selecting .pfx file to import

Step 8: In the “Certificate Import Wizard” dialog, set the password for the private key and check the option to make the key exportable.

Fig: MMC >> Importing certificate to Certificates snap-in >> Certificate Import Wizard >> Password for private key

Step 9: In the “Certificate Import Wizard” dialog, select the certificate store as shown in the Fig below.

Fig: MMC >> Importing certificate to Certificates snap-in >> Certificate Import Wizard >> selecting Certificate store

Once our certificate is successfully imported, we will get the dialog “The import was successful” as shown in the Fig below.

Fig: MMC >> Importing certificate to Certificates snap-in >> “Certificate Import Wizard” >> Successful import message

On successful import we can see that there is an option “Manage Private Keys…“ as shown in the Fig below.

Fig: MMC >> Importing certificate to Certificates snap-in >> Private key is available now – we have option “Manage Private Keys…” option available for our certificate

Another way to confirm that the private key is available: right-click the certificate and open Properties. We will see a message about the private key, as shown in the Fig below.

Fig: MMC >> Importing certificate to Certificates snap-in >> Private key is available now – we have private key detail when we right click on certificate >> properties
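
The same import and private-key check can be scripted instead of clicked through in MMC. This is an added example, not code from the original post; it assumes the .pfx exported earlier to C:\Cert\mycert.pfx, the Cert:\LocalMachine\My store used when the certificate was created, and an elevated PowerShell session.

```powershell
# Added example: scripted equivalent of the MMC import, followed by a private-key check.
# Assumed values: the PFX path and store below match the export step earlier on this page.
$pfxPath   = 'C:\Cert\mycert.pfx'
$storePath = 'Cert:\LocalMachine\My'

# Prompt for the PFX password so it never appears in the script or shell history.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Import the certificate together with its private key into the Local Machine store.
# -Exportable mirrors the "make key exportable" checkbox from Step 8;
# leave it out if the key never needs to leave this machine.
$imported = Import-PfxCertificate -FilePath $pfxPath `
    -CertStoreLocation $storePath `
    -Password $pfxPassword -Exportable

# Re-read the certificate from the store and confirm the private key is attached.
$cert = Get-Item -Path (Join-Path $storePath $imported.Thumbprint)
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) is in the store without a private key."
}

# Summary of the certificate the application will load.
[pscustomobject]@{
    Subject       = $cert.Subject
    Thumbprint    = $cert.Thumbprint
    NotAfter      = $cert.NotAfter
    HasPrivateKey = $cert.HasPrivateKey
}

# Diagnostic: list any other certificates in the same store that lack a private key
# (for example, entries imported from a .cer file, which carries only the public part).
Get-ChildItem -Path $storePath |
    Where-Object { -not $_.HasPrivateKey } |
    Select-Object Subject, Thumbprint
```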

Thanks for reading 🙂 Feel free to discuss / comment / questions 🙂 SHARING IS CARING 🙂

Enjoy the beautiful life 🙂 Have a FUN 🙂 HAVE A SAFE LIFE 🙂 TAKE CARE 🙂
