apimicrosoft-graph-apiwebhooksmicrosoft365

encryptionCertificateId of Microsoft API


I'm trying to register a webhook for microsoft teams in order to get an update once a message is sent over some chat. Apparently the way to do that according to Microsoft API, is to send a request with "encryptionCertificate" as following: enter image description here Now I'm trying to figure out what should go in the encryptionCertificate field but I have failed to find a clear answer in the documentation. The only thing I figured is that the field contain a base64 encoded "Certificate", which leads me to the same question. What is this certificate and how do I find it.

Anybody who has some experience with MS APIs or knows anything about that and can help ? Much appreciated guys

Here's also some naive tries that I have attempted and what are their results:

  1. "encryptionCertificate": "YWJjZGVmZw==", resulted in : Certificate validation error: Cannot find the requested object,

  2. "encryptionCertificate": "klsjdaadnkjadn", Certificate validation error: Invalid length for a Base-64 char array or string

  3. "encryptionCertificate": null, , Certificate cannot be empty


Solution

  • encryptionCertificate contains base 64 encoded value of the public key.

    The requirements for public key are:

    For example, by using openssl commands

    openssl genrsa -out private.key 1024
    openssl req -new -x509 -key private.key -out publickey.cer -days 365
    openssl pkcs12 -export -out public_privatekey.pfx -inkey private.key -in publickey.cer
    

    It generates a private key, creates a X509 certificate (.cer file) and exports x509 certificate and private key to a pfx file.

    When you create a subscription with encryptionCertificate read the entire publickey.cer file (including the -- Begin certification / End certificate portions) and set base64-encoded content to encryptionCertificate property.

    Resources:

    Managing encryption keys