The certificate method is a real PITA and mostly unnecessary. If you write a stored procedure that does the work and include EXECUTE AS OWNER and the database is owned by a login having SA privs (hopefully, the owner is "SA" and that account is disabled), then the app won't need any privs except privs to run the stored procedure.
Whatever you do, do NOT give the app privs to execute xp_CmdShell directly.
--Jeff Moden
Change is inevitable... Change for the better is not.