Navision Web Services & SSL

smpgrlz2 · 2011-08-16

Here is the scenario I need help with:

1. ExternalServerIP calls internal DB via [url=http://ExternalIP:Port]http://ExternalIP:Port[/url]

2. Our Firewall says "hello ExternalServerIP, you're OK, let me FWD [url=http://ExternalIP:Port]http://ExternalIP:Port[/url] --> [url=http://InternalIP:Port]http://InternalIP:Port[/url]"

3. Our Internal Server challenges this FWD, requiring a domain credentials. Passes.

4. [url=http://InternalIP:Port]http://InternalIP:Port[/url] requests/fulfills internal DB query via NAS

All of these elements work. Now, enabling SSL, that is where I am stuck.

Using: Windows Server 2008, IIS6, we are NOT using IIS, so I need a command line that works.

I have seen the documentation here:

http://msdn.microsoft.com/en-us/library/ms952079.aspx
http://msdn.microsoft.com/en-us/library/ee414240.aspx

BUT - httpcfg does not work. So I am looking for netsh commands to enable:

https for externalIP:port and/or internalIP:port

I am I barking up the wrong tree? My external vendor is waiting for this and I keep running into roadblocks.

Wisdom? I am all ears. Thank you!

frost_amo · 2011-08-16

Try these commands:

1. Configure the Access Control:
netsh http add urlacl url=https://+:7047/DynamicsNAV/ user=DOMAIN\USERNAME

2. Configure port for SSL certificate:
netsh http add sslcert ipport=XX.XX.XX.XX:PORT certhash=<hash> appid={guid}

Hope it will help.
Good luck.

smpgrlz2 · 2011-08-16

frost_amo: Thank you!

I have been battling the netsh http commands this afternoon and it just occurred to me that if I have the port opened for http, perhaps I need to run this command:

netsh http delete urlacl url=http://+:7047/MyCli user=DOMAIN\USERNAME
then
netsh http add urlacl url=https://+:7047/DynamicsNAV/ user=DOMAIN\USERNAME

Yes/no? Here's why:

After I attempt the add--> Url reservation add failed, Error 180. Cannot create a file when that file already exists.

frost_amo · 2011-08-17

Yes, you are right.
If the same port has been already configured for using HTTP, you should firstly delete it.
After that you will be able to add HTTPS rule to ACL.

smpgrlz2 · 2011-08-17

I did the commands, and now we cannot even connect via localhost

frost_amo · 2011-08-18

smpgrlz2 wrote:

I did the commands, and now we cannot even connect via localhost

Actualy it's normal situation and depends on how did you configure your ACL. If you specified an external IP in netsh commands, you are not be able to connect via localhost (because SSL doesn't know how to encrypt your request

).

In order to be able to connect via localhost also, you have to add additional rule to ACL.

MHavemann · 2013-09-11

Hi

Trying to get this to work - the add urlacl was no problem but the add sslcert requires an APPID. What appis should I use and where do I get that?

All help appreciated

Thx

Martin

Navision Web Services & SSL

Comments

Categories

Navision Web Services &amp; SSL

Comments

Categories

Navision Web Services & SSL