Here is the scenario I need help with:
1. ExternalServerIP calls internal DB via http://ExternalIP:Port
2. Our Firewall says "hello ExternalServerIP, you're OK, let me FWD http://ExternalIP:Port --> http://InternalIP:Port"
3. Our Internal Server challenges this FWD, requiring domain credentials. Passes.
4. http://InternalIP:Port requests/fulfills internal DB query via NAS
All of these elements work. Now, enabling SSL, that is where I am stuck.
Using: Windows Server 2008, IIS6, we are NOT using IIS, so I need a command line that works.
I have seen the documentation here:
http://msdn.microsoft.com/en-us/library/ms952079.aspx
http://msdn.microsoft.com/en-us/library/ee414240.aspx
BUT - httpcfg does not work. So I am looking for netsh commands to enable:
https for externalIP:port and/or internalIP:port
Am I barking up the wrong tree? My external vendor is waiting for this and I keep running into roadblocks.
Wisdom? I am all ears. Thank you!
Comments
1. Configure the Access Control:
netsh http add urlacl url=https://+:7047/DynamicsNAV/ user=DOMAIN\USERNAME
2. Configure port for SSL certificate:
netsh http add sslcert ipport=XX.XX.XX.XX:PORT certhash=<hash> appid={guid}
Hope it will help.
Good luck.
I have been battling the netsh http commands this afternoon and it just occurred to me that if I have the port opened for http, perhaps I need to run this command:
netsh http delete urlacl url=http://+:7047/MyCli user=DOMAIN\USERNAME
then
netsh http add urlacl url=https://+:7047/DynamicsNAV/ user=DOMAIN\USERNAME
Yes/no? Here's why:
After I attempt the add--> Url reservation add failed, Error 180. Cannot create a file when that file already exists.
If the same port has already been configured for using HTTP, you should first delete it.
After that you will be able to add HTTPS rule to ACL.
Actually, it's a normal situation and depends on how you configured your ACL. If you specified an external IP in the netsh commands, you will not be able to connect via localhost (because SSL doesn't know how to encrypt your request).
In order to be able to connect via localhost also, you have to add additional rule to ACL.
Trying to get this to work - the add urlacl was no problem but the add sslcert requires an APPID. What appid should I use and where do I get that?
All help appreciated
Thx
Martin
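
The steps discussed in this thread, put together as an added example (not code from any of the posts above). For `netsh http add sslcert`, `appid` is a GUID that only identifies the owning application, so a freshly generated one works, and `certhash` is the certificate's thumbprint. Assumptions: the certificate subject, the old HTTP reservation URL and the `0.0.0.0` binding are placeholders, and the script runs from an elevated PowerShell prompt.

```powershell
# Added example: placeholder values, adjust before use.
$Port    = 7047
$IpPort  = "0.0.0.0:$Port"                    # assumption: bind on all local addresses
$Url     = "https://+:$Port/DynamicsNAV/"     # HTTPS reservation from the thread
$OldUrl  = "http://+:$Port/DynamicsNAV/"      # assumption: earlier plain-HTTP reservation
$User    = 'DOMAIN\USERNAME'                  # service account placeholder from the thread
$Subject = 'CN=nav.example.com'               # hypothetical certificate subject

# 1. Pick the certificate from the machine store. HTTP.SYS needs the private key,
#    and an expired certificate would be rejected by clients.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $Subject -and $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No unexpired certificate with a private key found for $Subject" }

# 2. Generate the appid. ToString('B') yields the {xxxxxxxx-...} form netsh expects.
$appId = [guid]::NewGuid().ToString('B')

# 3. Remove the old HTTP reservation if present (a failure here just means it
#    did not exist), then add the HTTPS reservation for the service account.
netsh http delete urlacl "url=$OldUrl" | Out-Null
netsh http add urlacl "url=$Url" "user=$User"
if ($LASTEXITCODE -ne 0) { throw "urlacl add failed for $Url" }

# 4. Bind the certificate to the port. Arguments are quoted so PowerShell
#    does not parse the braces in the GUID as a script block.
netsh http add sslcert "ipport=$IpPort" "certhash=$($cert.Thumbprint)" "appid=$appId"
if ($LASTEXITCODE -ne 0) { throw "sslcert add failed for $IpPort" }

# 5. Verify what HTTP.SYS now has on record.
netsh http show urlacl "url=$Url"
netsh http show sslcert "ipport=$IpPort"
```

Keep the generated GUID with your change notes: `netsh http show sslcert` lists it as the Application ID, which is how you tell later which binding belongs to this service.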