Skip to main content

Update on Self-Signed Certificate Setup Process for NAV / Business Central

07/10/2020 - Update on Self-Signed Certificate Setup Process for NAV / Business Central 

As per my previous post on setting up NAVUserPassword here


If you have created a Certificate using the above PowerShell command and it gives error while starting the NAV / BC Instance with the error as follows:


Server instance: DynamicsNAV100
<ii>The service MicrosoftDynamicsNavServer$DynamicsNAV100 failed to start. This could be caused by a configuration error. Detailed error information: System.ArgumentException: It is likely that certificate '' may not have a private key that is capable of key exchange or the process may not have access rights for the private key. Please see inner exception for detail. ---> System.Security.Cryptography.CryptographicException: Invalid provider type specified.

   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
   at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
   at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
   at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
   at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
   at System.ServiceModel.Security.SecurityUtils.GetKeyContainerInfo(X509Certificate2 certificate)
   at System.ServiceModel.Security.SecurityUtils.CanKeyDoKeyExchange(X509Certificate2 certificate)
   at System.ServiceModel.Security.SecurityUtils.EnsureCertificateCanDoKeyExchange(X509Certificate2 certificate)
   --- End of inner exception stack trace ---
   at System.ServiceModel.Security.SecurityUtils.EnsureCertificateCanDoKeyExchange(X509Certificate2 certificate)
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateServerX509TokenProvider()
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateLocalSecurityTokenProvider(RecipientServiceModelSecurityTokenRequirement recipientRequirement)
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateSecurityTokenProvider(SecurityTokenRequirement requirement)
   at System.ServiceModel.Channels.SslStreamSecurityUpgradeProvider.CreateServerProvider(SslStreamSecurityBindingElement bindingElement, BindingContext context)
   at System.ServiceModel.Channels.ConnectionOrientedTransportChannelListener..ctor(ConnectionOrientedTransportBindingElement bindingElement, BindingContext context)
   at System.ServiceModel.Channels.TcpChannelListener..ctor(TcpTransportBindingElement bindingElement, BindingContext context)
   at System.ServiceModel.Channels.TcpTransportBindingElement.BuildChannelListener[TChannel](BindingContext context)
   at System.ServiceModel.Channels.SessionChannelDemuxer`2..ctor(BindingContext context, TimeSpan peekTimeout, Int32 maxPendingSessions)
   at System.ServiceModel.Channels.ChannelDemuxer.CreateTypedDemuxer(Type channelType, BindingContext context)
   at System.ServiceModel.Channels.ChannelDemuxer.GetTypedDemuxer(Type channelType, BindingContext context)
   at System.ServiceModel.Channels.ChannelDemuxer.BuildChannelListener[TChannel](BindingContext context, ChannelDemuxerFilter filter)
   at System.ServiceModel.Channels.ChannelBuilder.BuildChannelListener[TChannel]()
   at System.ServiceModel.Channels.ChannelBuilder.BuildChannelListener[TChannel](MessageFilter filter, Int32 priority)
   at System.ServiceModel.Channels.SecurityChannelListener`1.InitializeListener(ChannelBuilder channelBuilder)
   at System.ServiceModel.Channels.TransportSecurityBindingElement.BuildChannelListenerCore[TChannel](BindingContext context)
   at System.ServiceModel.Channels.ReliableChannelListener`3..ctor(ReliableSessionBindingElement binding, BindingContext context)
   at System.ServiceModel.Channels.ReliableListenerOverSession`5..ctor(ReliableSessionBindingElement binding, BindingContext context)
   at System.ServiceModel.Channels.ReliableListenerOverDuplexSession`2..ctor(ReliableSessionBindingElement binding, BindingContext context)
   at System.ServiceModel.Channels.ReliableSessionBindingElement.BuildChannelListener[TChannel](BindingContext context)
   at Microsoft.Dynamics.Nav.Types.Channels.ChunkingBindingElement.BuildChannelListener[TChannel](BindingContext context)
   at System.ServiceModel.Channels.Binding.BuildChannelListener[TChannel](Uri listenUriBaseAddress, String listenUriRelativeAddress, ListenUriMode listenUriMode, BindingParameterCollection parameters)
   at System.ServiceModel.Description.DispatcherBuilder.MaybeCreateListener(Boolean actuallyCreate, Type[] supportedChannels, Binding binding, BindingParameterCollection parameters, Uri listenUriBaseAddress, String listenUriRelativeAddress, ListenUriMode listenUriMode, ServiceThrottle throttle, IChannelListener& result, Boolean supportContextSession)
   at System.ServiceModel.Description.DispatcherBuilder.BuildChannelListener(StuffPerListenUriInfo stuff, ServiceHostBase serviceHost, Uri listenUri, ListenUriMode listenUriMode, Boolean supportContextSession, IChannelListener& result)
   at System.ServiceModel.Description.DispatcherBuilder.InitializeServiceHost(ServiceDescription description, ServiceHostBase serviceHost)
   at System.ServiceModel.ServiceHostBase.InitializeRuntime()
   at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at Microsoft.Dynamics.Nav.WindowsServices.NavServerWindowsService.StartWcfServices()
   at Microsoft.Dynamics.Nav.WindowsServices.NavServerWindowsService.Start(String commandLineServiceInstanceName).</ii>


This can be resolved by creating a certificate using the method below.
  • Download Self-signed certificate generator (PowerShell) from Technet.
  • Open Windows Powershell ISE as administrator.
  • Go to the directory where you saved the New-SelfSignedCertificateEx.ps1 file.
  • Run the following command:
    Import-Module .\New-SelfSignedCertificateEx.ps1.
    New-SelfSignedCertificateEx –Subject “CN=<your site name>” –IsCA $true –Exportable –StoreLocation LocalMachine
Every other step after the creation of a self-signed certificate will be the same. Note that this blog is not to be followed is you have bought an SSL certificate.


Popular posts from this blog

Understanding and How to use APIs Business Central - 2

Introduction: In my last blog post ( Business Central API -1 ) on Creating API in Business Central, we discussed all the commonly used properties of the page, query, and controls like field and data-item. In today's blog, we will be diving deeply into the validation of the data passed through the API endpoint, how it enters into the source tables and is manipulated to be inserted/modified into single or multiple tables. Also, I will be demonstrating how APIs are to be used. Pre-requisites: Microsoft Dynamics Business Central (SaaS) VS Code( ) AL Language Extension( ) API V1 from Business Central On-Premise DVD Books & References: API V1 from Business Central On-Premise DVD API(V1.0) for Business Central ( Click Here ) API(Beta) for Business Central ( Click Here ) Theory: Understanding API in Business Central 1. BINDSUBSCRIPTIONS: Use to trigger IntegrationEvent for the Codeunit stated

Enum Object in Business Central - How to create and how to extend!

Introduction: Since the dawn of Business Central Era (2nd April 2018 - Today), there are many new data types introduced by Microsoft. One such data type is Enum(Enumeration). Essentially, what enumeration is having a single select value with multiple options at a given time! Well, I know what your thinking what about the 'Option' data type. Anyways, enough of talking let's just dive in! Disclaimer:   The knowledge in this blog is true and complete to the best of authors and publishers knowledge. The author and publisher disclaim any liability in connection with the use of this information. Pre-requisites: Microsoft Dynamics Business Central (SaaS or On-Premise) VS code with AL Language extension Code: 1. Enum as an Object: Just like Tables and Pages, Enum behaves like an Object. Enum Object Note that Extensible means that the Enum Object can be extended in another module. By default, this property is set to TRUE. Enums created in a module(App), ca

Creating APIs in Business Central - 1

Introduction: While writing a blog on Automated Testing in Business Central, I was going through sample apps provided by Microsoft and realized that the complexity is nowhere close to what examples Microsoft has provided on In this blog, I will try to explain how APIs work and how to be creative with the implementation. Also, an API which were in beta are finally out with version V1.0 in the April 2019 release let's see some important key things from development aspects. This blog is going to be theoretical one kindly bear with me. Pre-requisites: Microsoft Dynamics Business Central (SaaS) VS Code( ) AL Language Extension( ) API V1 from Business Central On-Premise DVD Books & References: API V1 from Business Central On-Premise DVD API(V1.0) for Business Central ( Click Here ) API(Beta) for Business Central ( Click Here ) Solution: Key Requirements: API source table