Application Proxy - Update Web Certificate for own URL

[plesen85]

I need to update a web certificate (PFX with password) for my application using Microsoft Graph Beta API. The certificate is used in Azure AD App Proxy and must be stored securely with a password.

I understand that the certificate may need to be set under:

1. verifiedCustomDomainCertificatesMetadata (for domain verification)
2. verifiedCustomDomainKeyCredential or keyCredentials (if required for authentication)
3. verifiedCustomDomainPasswordCredential (to store the PFX password)

However, I'm unable to retrieve or update these values correctly.

What I Have Tried:

1. Retrieve Existing Certificate Metadata (No Data Returned)

`$applicationId = ""

$application = Get-MgBetaApplication -Filter "appId eq '$applicationId'"
$application`

Result: No key credentials or certificate metadata returned.

Questions:

1. Where should the PFX certificate and password be stored?
   keyCredentials
   verifiedCustomDomainCertificatesMetadata
   verifiedCustomDomainKeyCredential
   verifiedCustomDomainPasswordCredential
   any other Command / Property

2. Are there specific API permissions required for this update?
   I have "Application.ReadWrite.All" and "Directory.ReadWrite.All", but do I need additional permissions?

Environment Details:
Using Microsoft Graph Beta API
Application is registered in Azure AD and uses Azure AD App Proxy
The .pfx certificate must be stored with a password

Any help or working examples would be greatly appreciated!