cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
Gaolai
Advocate I
Advocate I

How to use client certificate auth in HTTP action in Flow

‎02-20-2018 09:48 PM

I tried to use Client Cert Auth in HTTP action in Flow. But I always got the error either 

The authentication certificate is not formatted correctly. Could not load the certificate.

or 

Could not load the certificate private key. Please check the authentication certificate password is correct and try again.

 

I understand I need put Base64 pfx file, but can anybody share how do you create the Client Certificate that Flow will accept? I tried to use makecert.exe and pvk2pfx.exe to create a client certificate, but when copied the pfx file to my flow, it threw me the first error.

Labels:
Message 1 of 12
11,102 Views
11 REPLIES 11
v-xida-msft
Community Support
Community Support

‎02-27-2018 12:52 AM

Hi @Gaolai,

 

Could you please share a screenshot of your flow's configuration?

 

When you use "HTTP" action with Client Certificate authentication, within Pfx field of "HTTP" action, you should type the Base64-encoded contents representation of your PFX file. Within Password field, type the password to access the PFX file.28.JPG

The parameter format of Client Certificate Authentication as below:

{
    "type": "ClientCertificate",
    "pfx": "aGVsbG8g...d29ybGQ=",
    "password": "xxx..xxx"
}

 

Please check if you have filled proper value within Pfx field and Password field of "HTTP" action.

 

More details about the Client Certificate Authentication, please check the following article:

Client Certificate Authentication

 

Best regards,

Kris

Community Support Team _ Kris Dai
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
Message 2 of 12
11,082 Views
Gaolai
Advocate I
Advocate I
In response to v-xida-msft

‎02-28-2018 12:49 PM

Capture.PNG

 

Hi Kris,

 

Thanks for your reply. This is exactly what we did in our flow. Please refer to the screen shot above. I generated a client cert by using  makecert.exe and pvk2pfx.exe, and copied the whole content from the pfx to the flow. But I got the auth cert is not formatted correctly error. I wonder if the way I put the certificate is correct? How come my pfx content does not look like yours?

 

Thanks,

 

Message 3 of 12
11,063 Views
0 Kudos
Gaolai
Advocate I
Advocate I
In response to Gaolai

‎03-04-2018 08:54 PM

I did a little more research, pfx is a binary file, not base64 encoded file. So I wonder how to generate a base64 encoded pfx file needed by Flow? I tried using openssl to generate client certificate by following this article, https://blog.didierstevens.com/2008/12/30/howto-make-your-own-cert-with-openssl, but Flow just won't take it.

 

Message 4 of 12
11,038 Views
0 Kudos
kpemberton
New Member

‎07-26-2018 11:22 AM

I am facing the same problem in Flow.  I have a base64 encoded version of the certificate where the key is exportable and provided a password but still receive this error message.  Any help from Microsoft would be greatly appreicated.

Message 5 of 12
10,850 Views
0 Kudos
Anonymous
Not applicable
In response to kpemberton

‎11-12-2018 05:21 AM

Hi,

 

Even, we are facing same issue and have asked for help on Microsoft forum as well.. But till now we have not received any response or answer for the same. Please do keep posted if you are able to resolve this.

 

Thanks & Regards

Kritika Singh

Message 6 of 12
10,667 Views
0 Kudos
Pieter_Veenstra
MVP
In response to Anonymous

‎11-13-2018 09:13 AM

Just a thought, Could you upload the certificate file in somethinglike SharePoint. Then run a get file content action to get the content of the certificate. And then use this content to do what you are trying to do?

Message 7 of 12
10,661 Views
0 Kudos
MartinHutchcpa
Helper III
Helper III

‎01-19-2019 01:31 AM

Hi,

Did anybody manage to resolve how to get a base64 version of the pfk generated and used successfully in their flow?

 

Thanks

Message 8 of 12
10,484 Views
mgrachii
Resolver I
Resolver I

‎04-04-2021 08:08 PM

Hello! What I did is using a Power Shell code to get the string that needs to be used in the Pfx field.

 

$pfxpgi = Get-Content "C:\WINDOWS\system32\{your-cert}.pfx" -Encoding Byte
[System.Convert]::ToBase64String($pfxpgi)


Full description of the solution can be found here in case you'd like to take further look

 

https://powergi.net/2021/03/31/active-directory-oauth-in-power-automate-how-to-set-up-certificate-cr...

Message 9 of 12
7,186 Views
AmaliyaMohan
New Member
In response to v-xida-msft

‎06-22-2021 01:02 PM

Hi,

 

I tried encoding the pfx content of the certificate and I still get the same error.

 

AmaliyaMohan_0-1624391827633.png

 

I get the following details from authentication

 

AmaliyaMohan_1-1624391916999.png

Initially, I tried getting the pfx content from Azure Key Vault using get secret action. I used the value field from this action, I tried using Base64 function on the value field and nothing worked for me. So, I replaced it with pfx content directly by setting it in variable called KeyVaultValue which I used inside Base64 function on the above mentioned image.

 

 

 

Thanks!

Message 10 of 12
6,583 Views
0 Kudos
juresti
Continued Contributor
Continued Contributor

‎07-01-2021 11:11 AM

Hello,

 

@Gaolaiyour http action does not look right to me.

Should look like this - not a series of characters.

 

04.PNG

 

The post operation worked for me. I am now able to request bearer tokens that expire and post / get data from my api while the token is active.

 

I was also having a little issue with trying to use the pem and key files.

 

Then I found you need to make a PFX file with openssl, at least that is what I used.

 

So I made the pfx file with open ssl and uploaded to sharepoint.

 

Then I got contents and put the contents in the pfx field inside the formula base64('contents')

 

Works as expected. I would suggest first testing in PostMan to make sure everything is actually working.

 

01.PNG

 

get file content

02.PNG

 

Http returned my access token

03.PNG

Message 11 of 12
6,505 Views
0 Kudos
mgrachii
Resolver I
Resolver I
In response to AmaliyaMohan

‎07-10-2021 07:53 PM

Hi! Try using the pfx content directly but without going to the Base64 step. Did that work?

Message 12 of 12
6,410 Views
0 Kudos

Helpful resources

Announcements
Power Automate News & Announcements

Power Automate News & Announcements

Keep up to date with current events and community announcements in the Power Automate community.

Community Calls Conversations

Community Calls Conversations

A great place where you can stay up to date with community calls and interact with the speakers.

Power Automate Community Blog

Power Automate Community Blog

Check out the latest Community Blog from the community!

View All
Top Solution Authors
View All
Top Kudoed Authors
View All
Users online (3,441)