To authorize access to the SharePoint API you have to send a an authorization token. The token contains a cryptographic signature that is validated by the SharePoint server. This procedure needs a certificate, that can be generated by one of the two ways.
Server certificates with IIS
To generate a certificate in the IIS Manager, just follow the steps described in the MSDN. In the end you get a .PFX and a .CER file, that hold the binary version of the private and public parts of the certificate. The private part must be converted into the .PEM format, which can be achieved with openssl:
openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes
Certificate with openssl
Start by generating a new key:
openssl genrsa -des3 -out server.key 2048
Request a certificate from the key:
openssl req -new -key server.key -out server.csr
Remove the password from the key file to keep things simple:
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
Now issue the certificate:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
You find the files server.key and server.crt in the current path, again the private and the public part.
The public part has to be converted for using it in the upcoming registration:
openssl x509 -outform der -in server.crt -out server.cer
Find the x5t fingerprint
The fingerprint of the certificate can be shown with this command:
openssl x509 -sha1 -in server.crt -noout -fingerprint
It prints the hex code of the fingerprint. Use this function to convert it to the required form:
g="A1:A5:55:04:EA:13:CA:F3:16:FC:36:7C:4C:C2:F1:50:A1:25:70:DB"
gp = g.split(":")
bytes=[]
for(var i=0; i< gp.length; i++ ){
bytes.push(parseInt(gp[i], 16))
}
str = String.fromCharCode.apply(String, bytes)
console.log(btoa(str))