Umar Sheikh Salem

Reputation: 57

encryptionCertificateId of Microsoft API

I'm trying to register a webhook for Microsoft Teams in order to get an update once a message is sent over some chat. Apparently the way to do that, according to the Microsoft API, is to send a request with "encryptionCertificate" as follows: [image]

Now I'm trying to figure out what should go in the encryptionCertificate field, but I have failed to find a clear answer in the documentation. The only thing I figured out is that the field contains a base64-encoded "Certificate", which leads me to the same question: what is this certificate and how do I find it?

Does anybody have some experience with MS APIs, or know anything about this, and can help? Much appreciated, guys.

Here are also some naive tries that I have attempted and their results:

  1. "encryptionCertificate": "YWJjZGVmZw==" resulted in: Certificate validation error: Cannot find the requested object

  2. "encryptionCertificate": "klsjdaadnkjadn" resulted in: Certificate validation error: Invalid length for a Base-64 char array or string

  3. "encryptionCertificate": null resulted in: Certificate cannot be empty

Upvotes: 0

Views: 961

Answers (1)

user2250152

Reputation: 20723

encryptionCertificate contains the base64-encoded value of the public key.

The requirements for the public key are:

  • The key must be of type RSA
  • The key size must be between 2048 and 4096 bits
  • Export the certificate in base64-encoded X.509 format and include only the public key

For example, by using openssl commands:

    # RSA private key; 2048 bits is the minimum size listed above
    openssl genrsa -out private.key 2048
    # Self-signed X.509 certificate holding only the public key
    openssl req -new -x509 -key private.key -out publickey.cer -days 365
    # Bundle certificate and private key into a PFX
    openssl pkcs12 -export -out public_privatekey.pfx -inkey private.key -in publickey.cer

It generates a private key, creates an X.509 certificate (.cer file) and exports the X.509 certificate and private key to a pfx file.

When you create a subscription with encryptionCertificate, read the entire publickey.cer file (including the BEGIN CERTIFICATE / END CERTIFICATE lines) and set the base64-encoded content as the encryptionCertificate property.

Resources:

Managing encryption keys

Upvotes: 3
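A local pre-flight check for the value, added here as an example (not code from the question, the answer or Microsoft): it sorts a candidate into the three failure classes the question ran into, then walks the certificate's DER structure to confirm the RSA and 2048 to 4096-bit requirements listed in the answer. All function names are hypothetical, and the minimal parser assumes a well-formed X.509 certificate with definite-length encoding.

```python
import base64, binascii, re
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first & 0x80:  # long form: low 7 bits count the length bytes
        n = first & 0x7F
        return tag, pos + n, pos + n + int.from_bytes(buf[pos:pos + n], "big")
    return tag, pos, pos + first

def children(buf, start, end):
    out = []  # DER elements packed between start and end
    while start < end:
        out.append(tlv(buf, start))
        start = out[-1][2]
    return out

def rsa_bits(der):
    """Modulus size of the RSA key in a DER X.509 certificate; raises if not RSA."""
    tbs = children(der, *tlv(der, 0)[1:])[0]
    fields = children(der, tbs[1], tbs[2])
    fields = fields[1:] if fields[0][0] == 0xA0 else fields  # drop optional version
    spki = fields[5]  # follows serial, signature alg, issuer, validity, subject
    alg, key = children(der, spki[1], spki[2])
    oid = children(der, alg[1], alg[2])[0]
    if der[oid[1]:oid[2]] != RSA_OID:
        raise ValueError("not an RSA key")
    modulus = children(der, *tlv(der, key[1] + 1)[1:])[0]  # +1 skips unused-bits byte
    return int.from_bytes(der[modulus[1]:modulus[2]], "big").bit_length()

def encryption_certificate_value(cer_bytes):
    return base64.b64encode(cer_bytes).decode("ascii")  # whole file, armor included

def check_encryption_certificate(value):
    """Local pre-flight (not Microsoft's validation): 'ok' or why the value is unusable."""
    if not value:
        return "empty"
    try:
        raw = base64.b64decode(value, validate=True)
    except binascii.Error:
        return "invalid base64"
    try:
        m = PEM_RE.search(raw)
        bits = rsa_bits(base64.b64decode(m.group(1)) if m else raw)
    except (IndexError, ValueError):
        return "not an RSA certificate"
    return "ok" if 2048 <= bits <= 4096 else f"RSA key is {bits} bits, need 2048-4096"
```

Pass the bytes of publickey.cer to `encryption_certificate_value` and run the result through `check_encryption_certificate` before sending the subscription request.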
