@xsolon
Created May 13, 2020 17:53
SharePoint On Premise App trust setup
# Configure Trust ----------------------------------------------------------------
# Public certificate (.cer) matching the private key the app signs its tokens with
$certPath = "C:\cert.cer"
$certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certPath)
$appName = 'appName'
# Add the certificate to the farm's trusted root authorities
New-SPTrustedRootAuthority -Name $appName -Certificate $certificate
$realm = Get-SPAuthenticationRealm
$specificIssuerId = "11115920-1111-1111-1111-111111111111" # use lower case for GUID
$fullIssuerIdentifier = $specificIssuerId + '@' + $realm
# -IsTrustBroker: this issuer (one certificate) can be shared by more than one app
$issuer = New-SPTrustedSecurityTokenIssuer -Name $appName -Certificate $certificate -RegisteredIssuerName $fullIssuerIdentifier -IsTrustBroker
# Restart IIS so the new token issuer takes effect right away
iisreset
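# Dev only: allow OAuth over plain HTTP. Access tokens then cross the network
# unencrypted, so leave AllowOAuthOverHttp at its default ($false) outside development.
$serviceConfig = Get-SPSecurityTokenServiceConfig
$serviceConfig.AllowOAuthOverHttp = $true
$serviceConfig.Update()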
# App Permissions ----------------------------------------------------------------
# Reuses $appName from the trust section above
$spurl = "https://site"
$spsite = Get-SPSite $spurl
$specificIssuerId = "11115920-1111-1111-1111-111111111111" # use lower case for GUID
$realm = Get-SPAuthenticationRealm -ServiceContext $spsite
$fullAppIdentifier = $specificIssuerId + '@' + $realm
$appPrincipal = Register-SPAppPrincipal -NameIdentifier $fullAppIdentifier -Site $spsite.OpenWeb() -DisplayName $appName
# Grants FullControl over the whole site collection with app-only policy (no user context);
# pick a narrower -Right (e.g. Read or Write) if the app does not need full control.
Set-SPAppPrincipalPermission -AppPrincipal $appPrincipal -Site $spsite.Rootweb -Scope SiteCollection -Right FullControl -EnableAppOnlyPolicy