$tenantId ="<tenant id>"#use the goabl admin account to loginConnect-AzureRmAccount -Tenant $tenantId$certificateObject = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2$certificateObject.Import("E:\Cert\examplecert.pfx","Password0123!", [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet)Write-Host "the thumbrint of cert"$certificateObject.Thumbprint$keyValue = [System.Convert]::ToBase64String($certificateObject.GetRawCertData())$sp =New-AzureRmADServicePrincipal -DisplayName "jimtestsample" -CertValue $keyValue -EndDate $endDate$context=Get-AzureRmContext$token=$context.TokenCache.ReadItems() |Where-Object { ($_.TenantId -eq $tenantId) -and ($_.Resource -eq "https://graph.windows.net/") }$accesstoken=$token.AccessToken$url = "https://graph.windows.net/$tenantId/servicePrincipals/"+$sp.Id+"/keyCredentials?api-version=1.6"$keyCreds = Invoke-RestMethod -Uri $url -Method Get -Headers @{"Authorization" = "Bearer $accesstoken"}Write-Host "--------------------------------------------"$keyCreds.value | Select-Object customKeyIdentifier
get thumbprint of a service principal
mikebai
This person is a lazy dog and has left nothing