Howdy, Stranger!
Categories
- All Categories
- 73 General
- 73 Announcements
- 66.5K Microsoft Dynamics NAV
- 18.5K NAV Three Tier
- 38.4K NAV/Navision Classic Client
- 3.6K Navision Attain
- 2.4K Navision Financials
- 115 Navision DOS
- 854 Navision e-Commerce
- 1K NAV Tips & Tricks
- 772 NAV Dutch speaking only
- 615 NAV Courses, Exams & Certification
- 2K Microsoft Dynamics-Other
- 1.5K Dynamics AX
- 264 Dynamics CRM
- 109 Dynamics GP
- 10 Dynamics SL
- 1.5K Other
- 992 SQL General
- 384 SQL Performance
- 33 SQL Tips & Tricks
- 34 Design Patterns (General & Best Practices)
- Architectural Patterns
- 10 Design Patterns
- 5 Implementation Patterns
- 53 3rd Party Products, Services & Events
- 1.7K General
- 1.1K General Chat
- 1.6K Website
- 79 Testing
- 1.2K Download section
- 23 How Tos section
- 259 Feedback
- 12 NAV TechDays 2013 Sessions
- 13 NAV TechDays 2012 Sessions
Options
Using SSL certificate with Nav service - FQDN vs local
martin78
Member Posts: 5
Hi,
I have an Nav 2016 service that runs with an untrusted SSL (Navhost1.dom.local)
Credential type Username.
Works just fine - but the clients needs to have the certificate imported I order to start and logon the Navision client/server.
On the Nav server the SSL needs to have the computername (Navhost1.dom.local) in order to start.
But what do I do if I want to use an globaly trusted SSL for example Navhost1.mydomain.com?
Do I need to rename my navserver and windows domain?
Have tried to use split DNS. Created an new zone mydomain.com with the host Navhost1 pointing to IP.
Does not work.
Can not find any info regarding this.
Best regards
Martin
I have an Nav 2016 service that runs with an untrusted SSL (Navhost1.dom.local)
Credential type Username.
Works just fine - but the clients needs to have the certificate imported I order to start and logon the Navision client/server.
On the Nav server the SSL needs to have the computername (Navhost1.dom.local) in order to start.
But what do I do if I want to use an globaly trusted SSL for example Navhost1.mydomain.com?
Do I need to rename my navserver and windows domain?
Have tried to use split DNS. Created an new zone mydomain.com with the host Navhost1 pointing to IP.
Does not work.
Can not find any info regarding this.
Best regards
Martin
0
Answers
Global steps:
1. Import the SSL certificate in the certificate store of your server
2. In the certificate store, grant permissions to the Account that is used by you NAV Service to use the certificate
3. Set up the DNS (as you already did)
4. In the clients ClientUserSettings.config the servername AND the 'DnsIdentity' keys need to match to the certificate's name.
You can find documentation on msdn: https://msdn.microsoft.com/en-us/library/gg502467(v=nav.90).aspx
Thank you for your answer.
When starting Navservice with the (globally) tusted SSL, I receive this error:
Message:
The security certificate that has the provided 'ServicesCertificateThumbprint' is not valid.
Description = '[Subject]
CN=Navhost1.mydomain.com, OU=Domain Control Validated, C=DK
What can be the reason?
The cert is an "Alpha SSL" but do I need to choose an deferent type of certificate?
Best regards
Martin
You could also test your certificate by using it for a website (on the same server, preferably).
If I "ping" Navhost1.mydomain.com, on the NAV server, the NAV servers local IP is responding.
If I ping from outside, my public WAN IP is responding.
But why cant I start the NAV service, with this certificate?
What "checks" does the NAV service do prior starting?
If you cannot select the certificate than probably the certificate is in the wrong certificate store.
If you can select the certificate, and the certificate is not valid [as NAV suggests] then possibly IIS will give a more detailed error message.
If you can select the certificate and everything is fine on IIS, then check if the Service Account that is used by the NAV service has permissions on the certificate ( go to 'manage computer certificates', select your certificate, right click, click 'All Tasks', 'Manage Private Keys')
Thank you for your answers.
I have IIS on the same server, and have just tested.
I can choose and use the trudsted SSL. I can also type in the external SSL name, and enter IIS' default site.
( No SSL warnings).
The service user, NAV service is running with, have "full control".
But can not start the NAV service.
What about "certificate purposes" ?
All purposes is enabled but this certificate only have "server authentication" and "client authentication".
Can this be the reason?
A self generated have a lot more purposes...
Best regards
Martin
Do you get any error messages in the Windows Event Log ?
I have this in the application log:
Message:
The security certificate that has the provided 'ServicesCertificateThumbprint' is not valid.
Description = '[Subject]
CN=Navhost1.mydomain.com, OU=Domain Control Validated, C=DK
[Issuer]
CN=AlphaSSL CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE