
Update on Self-Signed Certificate Setup Process for NAV / Business Central

07/10/2020

This post is an update to my previous post on setting up NAVUserPassword authentication.

Reference: https://community.dynamics.com/nav/b/dynamicsnavcloudfronts/posts/how-to-login-windows-client-and-web-client-using-navuserpassword-authentication-in-microsoft-dynamics-nav

If you created a certificate using the PowerShell command from the post above, the NAV / BC instance may fail to start with the following error:

*******************************************************

Server instance: DynamicsNAV100
Tenant: 
<ii>The service MicrosoftDynamicsNavServer$DynamicsNAV100 failed to start. This could be caused by a configuration error. Detailed error information: System.ArgumentException: It is likely that certificate 'CN=navision.southeastasia.cloudapp.azure.com' may not have a private key that is capable of key exchange or the process may not have access rights for the private key. Please see inner exception for detail. ---> System.Security.Cryptography.CryptographicException: Invalid provider type specified.

   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
   at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
   at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
   at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
   at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
   at System.ServiceModel.Security.SecurityUtils.GetKeyContainerInfo(X509Certificate2 certificate)
   at System.ServiceModel.Security.SecurityUtils.CanKeyDoKeyExchange(X509Certificate2 certificate)
   at System.ServiceModel.Security.SecurityUtils.EnsureCertificateCanDoKeyExchange(X509Certificate2 certificate)
   --- End of inner exception stack trace ---
   at System.ServiceModel.Security.SecurityUtils.EnsureCertificateCanDoKeyExchange(X509Certificate2 certificate)
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateServerX509TokenProvider()
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateLocalSecurityTokenProvider(RecipientServiceModelSecurityTokenRequirement recipientRequirement)
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateSecurityTokenProvider(SecurityTokenRequirement requirement)
   at System.ServiceModel.Channels.SslStreamSecurityUpgradeProvider.CreateServerProvider(SslStreamSecurityBindingElement bindingElement, BindingContext context)
   at System.ServiceModel.Channels.ConnectionOrientedTransportChannelListener..ctor(ConnectionOrientedTransportBindingElement bindingElement, BindingContext context)
   at System.ServiceModel.Channels.TcpChannelListener..ctor(TcpTransportBindingElement bindingElement, BindingContext context)
   at System.ServiceModel.Channels.TcpTransportBindingElement.BuildChannelListener[TChannel](BindingContext context)
   at System.ServiceModel.Channels.SessionChannelDemuxer`2..ctor(BindingContext context, TimeSpan peekTimeout, Int32 maxPendingSessions)
   at System.ServiceModel.Channels.ChannelDemuxer.CreateTypedDemuxer(Type channelType, BindingContext context)
   at System.ServiceModel.Channels.ChannelDemuxer.GetTypedDemuxer(Type channelType, BindingContext context)
   at System.ServiceModel.Channels.ChannelDemuxer.BuildChannelListener[TChannel](BindingContext context, ChannelDemuxerFilter filter)
   at System.ServiceModel.Channels.ChannelBuilder.BuildChannelListener[TChannel]()
   at System.ServiceModel.Channels.ChannelBuilder.BuildChannelListener[TChannel](MessageFilter filter, Int32 priority)
   at System.ServiceModel.Channels.SecurityChannelListener`1.InitializeListener(ChannelBuilder channelBuilder)
   at System.ServiceModel.Channels.TransportSecurityBindingElement.BuildChannelListenerCore[TChannel](BindingContext context)
   at System.ServiceModel.Channels.ReliableChannelListener`3..ctor(ReliableSessionBindingElement binding, BindingContext context)
   at System.ServiceModel.Channels.ReliableListenerOverSession`5..ctor(ReliableSessionBindingElement binding, BindingContext context)
   at System.ServiceModel.Channels.ReliableListenerOverDuplexSession`2..ctor(ReliableSessionBindingElement binding, BindingContext context)
   at System.ServiceModel.Channels.ReliableSessionBindingElement.BuildChannelListener[TChannel](BindingContext context)
   at Microsoft.Dynamics.Nav.Types.Channels.ChunkingBindingElement.BuildChannelListener[TChannel](BindingContext context)
   at System.ServiceModel.Channels.Binding.BuildChannelListener[TChannel](Uri listenUriBaseAddress, String listenUriRelativeAddress, ListenUriMode listenUriMode, BindingParameterCollection parameters)
   at System.ServiceModel.Description.DispatcherBuilder.MaybeCreateListener(Boolean actuallyCreate, Type[] supportedChannels, Binding binding, BindingParameterCollection parameters, Uri listenUriBaseAddress, String listenUriRelativeAddress, ListenUriMode listenUriMode, ServiceThrottle throttle, IChannelListener& result, Boolean supportContextSession)
   at System.ServiceModel.Description.DispatcherBuilder.BuildChannelListener(StuffPerListenUriInfo stuff, ServiceHostBase serviceHost, Uri listenUri, ListenUriMode listenUriMode, Boolean supportContextSession, IChannelListener& result)
   at System.ServiceModel.Description.DispatcherBuilder.InitializeServiceHost(ServiceDescription description, ServiceHostBase serviceHost)
   at System.ServiceModel.ServiceHostBase.InitializeRuntime()
   at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at Microsoft.Dynamics.Nav.WindowsServices.NavServerWindowsService.StartWcfServices()
   at Microsoft.Dynamics.Nav.WindowsServices.NavServerWindowsService.Start(String commandLineServiceInstanceName).</ii>

*******************************************************

This can be resolved by creating the certificate using the method below.
  • Download the Self-signed certificate generator (PowerShell) from TechNet.
  • Open Windows PowerShell ISE as administrator.
  • Go to the directory where you saved the New-SelfSignedCertificateEx.ps1 file.
  • Run the following commands:
    Import-Module .\New-SelfSignedCertificateEx.ps1
    New-SelfSignedCertificateEx -Subject "CN=<your site name>" -IsCA $true -Exportable -StoreLocation LocalMachine

Every other step after the creation of the self-signed certificate remains the same. Note that this post does not apply if you have bought an SSL certificate.
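
A quick way to confirm that the new certificate avoids the error above, as an added example that is not part of the original post: it opens the private key through the same X509Certificate2.PrivateKey getter that appears in the stack trace, then reports the key's provider, its key number (Exchange or Signature) and the ACL on the key file. It assumes Windows PowerShell run as administrator and a certificate in LocalMachine\My; Test-NavCertificateKey is a hypothetical helper name and CN=<your site name> is the same placeholder as in the command above.

```powershell
# Added diagnostic (not from the original post). Run in an elevated Windows PowerShell session.
# Assumption: the certificate is in LocalMachine\My, matching -StoreLocation LocalMachine above.
$subject = 'CN=<your site name>'   # placeholder: use the value you passed to -Subject

function Test-NavCertificateKey {   # hypothetical helper name
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $report = [ordered]@{
        Thumbprint = $Cert.Thumbprint; NotAfter = $Cert.NotAfter
        HasPrivateKey = $Cert.HasPrivateKey
        Provider = $null; KeyNumber = $null; KeyFileAccess = $null; Problem = $null
    }
    if (-not $Cert.HasPrivateKey) {
        $report.Problem = 'Certificate has no private key in this store.'
        return [pscustomobject]$report
    }
    try {
        # Same getter the stack trace fails in: X509Certificate2.get_PrivateKey()
        $key = $Cert.PrivateKey
    } catch {
        $report.Problem = "Private key could not be opened: $($_.Exception.GetBaseException().Message)"
        return [pscustomobject]$report
    }
    if ($key -isnot [System.Security.Cryptography.RSACryptoServiceProvider]) {
        $report.Problem = 'Private key was not returned as an RSACryptoServiceProvider.'
        return [pscustomobject]$report
    }
    $info = $key.CspKeyContainerInfo
    $report.Provider  = $info.ProviderName
    $report.KeyNumber = $info.KeyNumber      # Exchange or Signature
    # Machine-level CSP RSA keys are stored as files under MachineKeys; list who can read this one.
    $keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$($info.UniqueKeyContainerName)"
    if (Test-Path $keyFile) {
        $report.KeyFileAccess = (Get-Acl $keyFile).Access |
            ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" }
    }
    if ($info.KeyNumber -ne [System.Security.Cryptography.KeyNumber]::Exchange) {
        $report.Problem = 'Key is not marked for key exchange.'
    }
    [pscustomobject]$report
}

Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $subject } |
    ForEach-Object { Test-NavCertificateKey -Cert $_ }
```

An empty Problem field means the key opened and is marked for key exchange; if KeyFileAccess does not list the account the NAV / BC service runs as, that corresponds to the "access rights for the private key" part of the error message.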
