...
See here the documentation how to create a certificate step by step: https://github.com/microsoftgraph/aspnetcore-webhooks-sample/blob/master/KEYVAULT.md
After you creating the certificate, you need to assign it the azure application to allow it to use the certificate.
Go to the certificate that you created in Azure and select add Access Policy
...
2. Under Configure from template choose: Key, Secret and Certificate Management and for Select principal click on none selected and select the application you used for connect to Graph API and save.