Error: The application certificate is not updated for this tenant

Issue description

After upgrading to a newer version of ADManager Plus, users may encounter the error "The application certificate is not updated for this tenant." in the Microsoft 365 tenant integration configuration.

This occurs because the new version of ADManager Plus uses certificate-based authentication to fetch data securely. Customers upgrading from an older version must update their Microsoft 365 configuration accordingly.

Possible causes

The Microsoft 365 tenant configuration does not have a valid certificate: the certificate may be expired, invalid, or not uploaded to both ADManager Plus and Azure.

Prerequisites

  • Global Admin access to the Azure portal.
  • Admin access to ADManager Plus.

Resolution

Step 1: Creating a self-signed certificate

If you need a self-signed certificate, follow these steps:

  1. Navigate to the bin folder inside the ADManager Plus installation folder.
  2. Open Windows PowerShell as Administrator.
  3. Run the following command to set the execution policy for the current PowerShell process:

    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force -Scope Process

  4. Execute the Create-selfsignedcertificate.ps1 script.
  5. When prompted, provide:
    • Common Name for the certificate.
    • Start and End Date (yyyy-MM-dd format) for validity.
    • Password
  6. The script generates a .pfx file (contains both public and private keys) in the bin folder.

Step 2: Uploading the certificate

  1. In the ADManager Plus portal, upload the .pfx file in the Microsoft 365 configuration settings.
  2. In the Azure portal:
    • Log in to portal.azure.com.
    • Navigate to App Registrations.
    • Search for the application using the Client ID (found in ADManager Plus under Directory/Application Settings > Microsoft 365).
    • Upload the .cer file in the Certificates & secrets section.
  3. Copy the Client Secret from Azure and update it as the Application Secret in ADManager Plus.

Tips

  • Regularly update certificates before expiration to prevent authentication failures.
  • Maintain a backup of valid certificates.
  • Use a certificate from a trusted CA if possible to enhance security.
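
The check below is an added example, not part of ADManager Plus or its Create-selfsignedcertificate.ps1 script. It inspects a .pfx before the uploads in Step 2, reports its validity window and thumbprint (which can be compared with the thumbprint shown under Certificates & secrets in Azure), and writes a public-key-only .cer copy next to it. The function name, its parameters, and the 30-day warning threshold are assumptions.

```powershell
# Added example: validate a .pfx and derive a public-only .cer from it.
# Test-PfxForUpload, its parameters and the 30-day default are hypothetical.
function Test-PfxForUpload {
    param(
        [Parameter(Mandatory)] [string] $PfxPath,
        [Parameter(Mandatory)] [securestring] $Password,
        [int] $WarnDays = 30
    )

    # Resolve to a full path so the .NET file calls below do not depend on the process cwd.
    $PfxPath = (Resolve-Path -LiteralPath $PfxPath).Path

    # Get-PfxData reads the file without importing anything into a certificate store.
    $pfx  = Get-PfxData -FilePath $PfxPath -Password $Password
    $cert = $pfx.EndEntityCertificates | Select-Object -First 1
    if (-not $cert) { throw "No end-entity certificate found in $PfxPath" }

    # Classify the certificate against its validity window.
    $now = Get-Date
    $status = if ($now -lt $cert.NotBefore) { 'NotYetValid' }
        elseif ($now -gt $cert.NotAfter) { 'Expired' }
        elseif (($cert.NotAfter - $now).TotalDays -lt $WarnDays) { 'ExpiringSoon' }
        else { 'Valid' }

    # Export only the certificate (DER, no private key), and only if it is usable.
    $cerPath = $null
    if ($status -in 'Valid', 'ExpiringSoon') {
        $cerPath = [System.IO.Path]::ChangeExtension($PfxPath, '.cer')
        $der = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
        [System.IO.File]::WriteAllBytes($cerPath, $der)
    }

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotBefore     = $cert.NotBefore
        NotAfter      = $cert.NotAfter
        DaysRemaining = [math]::Floor(($cert.NotAfter - $now).TotalDays)
        Status        = $status
        CerPath       = $cerPath
    }
}

# Usage (the file name is a placeholder; the password is prompted for, not stored):
# Test-PfxForUpload -PfxPath .\example.pfx -Password (Read-Host -AsSecureString 'PFX password')
```

The .pfx contains the private key, so keep it and its password in access-controlled storage; the exported .cer holds only the public certificate.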

How to reach support

If the issue persists, contact our support team here.