How to Use MSAL with Certificates on a Linux (Ubuntu) Environment

May 25,2025

vlogize

2016-11-23T10:23:24Z

A step-by-step guide to successfully using MSAL in a Linux environment, particularly focusing on certificate handling and token acquisition.
---
This video is based on the question https://stackoverflow.com/q/70165220/ asked by the user 'vivek mishra' ( https://stackoverflow.com/u/4703040/ ) and on the answer https://stackoverflow.com/a/71186044/ provided by the user 'vivek mishra' ( https://stackoverflow.com/u/4703040/ ) at 'Stack Overflow' website. Thanks to these great users and Stackexchange community for their contributions.

Visit these links for original content and any more details, such as alternate solutions, latest updates/developments on topic, comments, revision history etc. For example, the original title of the Question was: Using MSAL in Linux (ubuntu based) environment

Also, Content (except music) licensed under CC BY-SA https://meta.stackexchange.com/help/licensing
The original Question post is licensed under the 'CC BY-SA 4.0' ( https://creativecommons.org/licenses/by-sa/4.0/ ) license, and the original Answer post is licensed under the 'CC BY-SA 4.0' ( https://creativecommons.org/licenses/by-sa/4.0/ ) license.

If anything seems off to you, please feel free to write me at vlogize [AT] gmail [DOT] com.
---
Using MSAL in a Linux (Ubuntu) Environment: A Step-by-Step Guide

Are you trying to get access tokens using MSAL (Microsoft Authentication Library) in a Linux-based (Ubuntu) environment? If you've been grappling with how to handle certificates without a certificate store—and encountering frustrating errors—you're not alone. In this guide, we'll clarify this process and provide a straightforward solution to help you successfully obtain access tokens in your Linux environment.

Understanding the Problem

When working with MSAL, especially in an environment like Ubuntu, the usual method of accessing certificates through a certificate store is not applicable because Linux does not maintain a Windows-like certificate store. This often leads to confusion and errors, such as receiving a message indicating that "The certificate doesn't have the private key."

You may have received your certificate in both CER and PFX formats, and after converting the PFX to PEM, you could access the certificate file. However, the challenge arises when trying to utilize that certificate with MSAL.

Key Steps You May Have Taken

Certificate Download:

You uploaded your PEM file as a secure file in Azure DevOps.

Downloaded it in your self-hosted Ubuntu agent.

Accessing the Certificate:

Attempted to access the certificate using PowerShell commands typically designed for environments with a certificate store.

Getting the Error:

Encountered an error when trying to call get-msaltoken.

The Solution: Using the Certificate Correctly

Step 1: Access the PEM File

After downloading the PEM file, access it normally using the appropriate command, like the one you have already used:

[[See Video to Reveal this Text or Code Snippet]]

Step 2: Configure the Certificate

Once you have the certificate in the $Certificate variable, you need to ensure it is correctly initialized to include the private key. This might sound daunting, but it’s a simple line of code. After downloading the certificate, add the following line:

[[See Video to Reveal this Text or Code Snippet]]

This step is crucial as it ensures that the private key is associated with the certificate, enabling you to use it for authentication purposes without hitting errors.

Step 3: Call get-msaltoken

Now that your certificate is properly initialized, you can call the get-msaltoken command without errors related to the private key.

[[See Video to Reveal this Text or Code Snippet]]

Conclusion

By following these steps, you can effectively utilize your certificates in a Linux environment with MSAL, bypassing the limitation of not having a certificate store. Make sure to initialize your certificate correctly to include the private key, and you should be able to get your access tokens without any issues.

If you encounter further problems or have additional questions, feel free to ask in the comments below! Happy coding!

Using MSAL in Linux (ubuntu based) environmentazure devopsazure pipelinesazure ad msal