#
# Use proper provider so cert is accepted by AAD.
#
# Create a self-signed RSA-4096 certificate in the current user's personal store,
# using the legacy CSP named below (the provider the header comment says AAD accepts).
#
# Security notes:
#   - KeyExportPolicy = Exportable allows the private key to be exported from the
#     store (e.g. as a PFX). Whoever holds that export can authenticate as any
#     principal that trusts this certificate, so protect it and delete stray copies.
#   - No -NotAfter is passed, so the cmdlet's default validity period applies;
#     plan certificate rotation around that expiry.
$selfSignedCertArgs = @{
    Subject           = "E=dude@localhost,CN=The Dude"
    CertStoreLocation = "cert:\CurrentUser\My"
    KeyExportPolicy   = 'Exportable'
    Provider          = "Microsoft Enhanced RSA and AES Cryptographic Provider"
    KeyAlgorithm      = 'RSA'
    KeyLength         = 4096
}
New-SelfSignedCertificate @selfSignedCertArgs
# Emit the certificate object whose thumbprint is stored on $servicePrincipalConnection
# (that variable is defined outside this snippet).
# NOTE(review): if $servicePrincipalConnection is unset, the thumbprint expands to an
# empty string and the path collapses to the store itself, so this would presumably
# return the store rather than a certificate. Confirm the variable is populated.
Get-Item -Path "Cert:\CurrentUser\My\$($servicePrincipalConnection.CertificateThumbprint)" | Write-Output
# Sign in to Azure as a service principal, authenticating with the certificate
# identified by CertificateThumbprint instead of a password/secret.
#
#   - The certificate and its private key must be in a certificate store this
#     session can read; the thumbprint itself is only an identifier, not a secret.
#   - NOTE(review): the AADSTS700021 failure recorded after this call says the
#     application identifier in the client assertion does not match 'client_id'.
#     Check that ApplicationId is the application (client) ID of the app
#     registration to which this certificate's public key was uploaded.
#   - The AzureRM module is retired; Connect-AzAccount from the Az module is its successor.
$servicePrincipalLoginArgs = @{
    ServicePrincipal      = $true
    TenantId              = "...."
    ApplicationId         = "..."
    CertificateThumbprint = "2227B8175402AAF5BD4B5B80D51AB085EF61E7E8"
}
Add-AzureRmAccount @servicePrincipalLoginArgs
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: AADSTS700021: Client assertion application identifier doesn't match 'client_id' parameter.