The new PowerShell V2 cmdlet to Exchange Online

Hi.

I'm running 8.1.3 and am trying to connect to Exchange Online with a PowerShell script, not Sync Editor.

But I'm getting the following error message:

[System.Management.Automation.RuntimeException] One or more errors occurred.
[Microsoft.Identity.Client.MsalClientException] Could not use the certificate for signing. See inner exception for details. Possible cause: this may be a known issue with apps build against .NET Desktop 4.6 or lower. Either target a higher version of .NET desktop - 4.6.1 and above, or use a different certificate type (non-CNG) or sign your own assertion as described at aka.ms/msal-net-signed-assertion.
[System.Security.Cryptography.CryptographicException] Invalid provider type specified.

This is the command:

Connect-ExchangeOnline -AppId $AppId -Certificate $Certificate -Organization $Organization

Any help would be appreciated!

/Henrik

  • OneIM does not come with a specific version built-in. The PowerShellComponentNet4 is using PowerShell 3-5.1 (depending on what is installed) and the PowerShellComponent would default to PowerShell 2.

    You cannot enforce OneIM to use a PowerShell version higher than 5.1 as they are based on a different technology than the other PowerShells.

    What could be different is the architecture x86 / x64 between your test and the execution by the JobService and your profile settings (your settings from the account you have tested with vs. the profile settings from the user account the JobService is using).

  • The problem was with the certificate.

    Here is where I found the solution: stackoverflow.com/.../34103154

    Install openssl.

    Convert the certificate's private key from CNG format to RSA.
    Using certlm.msc, export the current certificate, or if the original pfx file still exists, use that.
    Extract the public keys, including certificate chain:
    OpenSSL pkcs12 -in "oldcertificate.pfx" -nokeys -out "intermediate.cer"
    Extract the private key:
    OpenSSL pkcs12 -in "oldcertificate.pfx" -nocerts -out "intermediate.pem"
    Convert the key to RSA format:
    OpenSSL rsa -inform PEM -in "intermediate.pem" -out "intermediate.rsa"
    Merge into a new pfx file:
    OpenSSL pkcs12 -export -in "intermediate.cer" -inkey "intermediate.rsa" -out "newcertificate.pfx"
    All "intermediate" files can safely be deleted.
    Import the newly created pfx into certlm.msc and assign the user running the scripts read privileges to the private key.
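
A check that can be run before and after the conversion described in the last reply, added here as an example and not part of the thread: it reports whether Windows PowerShell can open the certificate's private key as a legacy CSP key (a CNG key fails with the same "Invalid provider type specified." message quoted in the question) and which accounts can read the key file. It assumes Windows PowerShell 5.1 on .NET Framework and a certificate in LocalMachine\My; the function name and the thumbprint placeholder are hypothetical.

```powershell
# Added example, not from the thread. Assumes Windows PowerShell 5.1 (.NET Framework)
# and a certificate in LocalMachine\My. The function name is hypothetical.
function Test-CertKeyProvider {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [string] $StorePath = 'Cert:\LocalMachine\My'
    )

    $cert = Get-Item -Path (Join-Path $StorePath $Thumbprint) -ErrorAction Stop
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $Thumbprint in $StorePath has no private key."
    }

    $result = [ordered]@{
        Thumbprint = $cert.Thumbprint
        KeyStorage = 'Unknown'
        Provider   = $null
        Detail     = $null
        Readers    = @()
    }

    try {
        # On .NET Framework this getter only opens legacy CSP (CryptoAPI) keys.
        $key = $cert.PrivateKey
    }
    catch {
        # A CNG key fails here with "Invalid provider type specified."; a missing
        # ACL entry for the current account fails with a different message.
        $result.KeyStorage = 'Not readable as legacy CSP key'
        $result.Detail     = $_.Exception.GetBaseException().Message
        return [pscustomobject]$result
    }
    if ($null -eq $key) {
        $result.Detail = 'PrivateKey returned null.'
        return [pscustomobject]$result
    }

    $info = $key.CspKeyContainerInfo
    $result.KeyStorage = 'Legacy CSP'
    $result.Provider   = $info.ProviderName

    if ($info.MachineKeyStore) {
        # Machine CSP keys are files in this directory; the file ACL decides who may use the key.
        $file = Join-Path "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys" $info.UniqueKeyContainerName
        $readData = [System.Security.AccessControl.FileSystemRights]::ReadData
        $result.Readers = @((Get-Acl -Path $file).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and ($_.FileSystemRights -band $readData) } |
            ForEach-Object { $_.IdentityReference.Value })
    }
    return [pscustomobject]$result
}
# Usage: Test-CertKeyProvider -Thumbprint '<THUMBPRINT-PLACEHOLDER>'
```

Run it under the same account and bitness as the JobService, since the reply above points out that both can differ from an interactive test.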