...
See here the documentation how to create a certificate step by step: https://github.com/microsoftgraph/aspnetcore-webhooks-sample/blob/master/KEYVAULT.md
After you creating the certificate, you need to assign it the azure application to allow it to use the certificate.
Go to the certificate that you created in Azure and select add Access Policy
...
Navigate to Key Vault, Access Policies and click Create
In Permissions select “Key, Secret and Certificate Management”, then Next
In Principal look for your application and select it,
Skip to Review and Create and click Create at the bottom