...
See here the documentation how to create a certificate step by step: https://github.com/microsoftgraph/aspnetcore-webhooks-sample/blob/master/KEYVAULT.md
After creating the certificate, you need to assign it the azure application to allow it to use the certificate.
Navigate to Key Vault, Access Policies and click Create
In Permissions select “Key, Secret and Certificate Management”, then Next
In Principal look for your application and select it,
Skip to Review and Create and click Create at the bottom