Skip to main content

Update on Self-Signed Certificate Setup Process for NAV / Business Central

07/10/2020 - Update on Self-Signed Certificate Setup Process for NAV / Business Central 

As per my previous post on setting up NAVUserPassword here

Reference: 

https://community.dynamics.com/nav/b/dynamicsnavcloudfronts/posts/how-to-login-windows-client-and-web-client-using-navuserpassword-authentication-in-microsoft-dynamics-nav

If you have created a Certificate using the above PowerShell command and it gives error while starting the NAV / BC Instance with the error as follows:

*******************************************************

Server instance: DynamicsNAV100
Tenant: 
<ii>The service MicrosoftDynamicsNavServer$DynamicsNAV100 failed to start. This could be caused by a configuration error. Detailed error information: System.ArgumentException: It is likely that certificate 'CN=navision.southeastasia.cloudapp.azure.com' may not have a private key that is capable of key exchange or the process may not have access rights for the private key. Please see inner exception for detail. ---> System.Security.Cryptography.CryptographicException: Invalid provider type specified.

   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
   at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
   at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
   at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
   at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
   at System.ServiceModel.Security.SecurityUtils.GetKeyContainerInfo(X509Certificate2 certificate)
   at System.ServiceModel.Security.SecurityUtils.CanKeyDoKeyExchange(X509Certificate2 certificate)
   at System.ServiceModel.Security.SecurityUtils.EnsureCertificateCanDoKeyExchange(X509Certificate2 certificate)
   --- End of inner exception stack trace ---
   at System.ServiceModel.Security.SecurityUtils.EnsureCertificateCanDoKeyExchange(X509Certificate2 certificate)
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateServerX509TokenProvider()
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateLocalSecurityTokenProvider(RecipientServiceModelSecurityTokenRequirement recipientRequirement)
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateSecurityTokenProvider(SecurityTokenRequirement requirement)
   at System.ServiceModel.Channels.SslStreamSecurityUpgradeProvider.CreateServerProvider(SslStreamSecurityBindingElement bindingElement, BindingContext context)
   at System.ServiceModel.Channels.ConnectionOrientedTransportChannelListener..ctor(ConnectionOrientedTransportBindingElement bindingElement, BindingContext context)
   at System.ServiceModel.Channels.TcpChannelListener..ctor(TcpTransportBindingElement bindingElement, BindingContext context)
   at System.ServiceModel.Channels.TcpTransportBindingElement.BuildChannelListener[TChannel](BindingContext context)
   at System.ServiceModel.Channels.SessionChannelDemuxer`2..ctor(BindingContext context, TimeSpan peekTimeout, Int32 maxPendingSessions)
   at System.ServiceModel.Channels.ChannelDemuxer.CreateTypedDemuxer(Type channelType, BindingContext context)
   at System.ServiceModel.Channels.ChannelDemuxer.GetTypedDemuxer(Type channelType, BindingContext context)
   at System.ServiceModel.Channels.ChannelDemuxer.BuildChannelListener[TChannel](BindingContext context, ChannelDemuxerFilter filter)
   at System.ServiceModel.Channels.ChannelBuilder.BuildChannelListener[TChannel]()
   at System.ServiceModel.Channels.ChannelBuilder.BuildChannelListener[TChannel](MessageFilter filter, Int32 priority)
   at System.ServiceModel.Channels.SecurityChannelListener`1.InitializeListener(ChannelBuilder channelBuilder)
   at System.ServiceModel.Channels.TransportSecurityBindingElement.BuildChannelListenerCore[TChannel](BindingContext context)
   at System.ServiceModel.Channels.ReliableChannelListener`3..ctor(ReliableSessionBindingElement binding, BindingContext context)
   at System.ServiceModel.Channels.ReliableListenerOverSession`5..ctor(ReliableSessionBindingElement binding, BindingContext context)
   at System.ServiceModel.Channels.ReliableListenerOverDuplexSession`2..ctor(ReliableSessionBindingElement binding, BindingContext context)
   at System.ServiceModel.Channels.ReliableSessionBindingElement.BuildChannelListener[TChannel](BindingContext context)
   at Microsoft.Dynamics.Nav.Types.Channels.ChunkingBindingElement.BuildChannelListener[TChannel](BindingContext context)
   at System.ServiceModel.Channels.Binding.BuildChannelListener[TChannel](Uri listenUriBaseAddress, String listenUriRelativeAddress, ListenUriMode listenUriMode, BindingParameterCollection parameters)
   at System.ServiceModel.Description.DispatcherBuilder.MaybeCreateListener(Boolean actuallyCreate, Type[] supportedChannels, Binding binding, BindingParameterCollection parameters, Uri listenUriBaseAddress, String listenUriRelativeAddress, ListenUriMode listenUriMode, ServiceThrottle throttle, IChannelListener& result, Boolean supportContextSession)
   at System.ServiceModel.Description.DispatcherBuilder.BuildChannelListener(StuffPerListenUriInfo stuff, ServiceHostBase serviceHost, Uri listenUri, ListenUriMode listenUriMode, Boolean supportContextSession, IChannelListener& result)
   at System.ServiceModel.Description.DispatcherBuilder.InitializeServiceHost(ServiceDescription description, ServiceHostBase serviceHost)
   at System.ServiceModel.ServiceHostBase.InitializeRuntime()
   at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at Microsoft.Dynamics.Nav.WindowsServices.NavServerWindowsService.StartWcfServices()
   at Microsoft.Dynamics.Nav.WindowsServices.NavServerWindowsService.Start(String commandLineServiceInstanceName).</ii>

*******************************************************

This can be resolved by creating a certificate using the method below.
  • Download Self-signed certificate generator (PowerShell) from Technet.
  • Open Windows Powershell ISE as administrator.
  • Go to the directory where you saved the New-SelfSignedCertificateEx.ps1 file.
  • Run the following command:
    Import-Module .\New-SelfSignedCertificateEx.ps1.
    New-SelfSignedCertificateEx –Subject “CN=<your site name>” –IsCA $true –Exportable –StoreLocation LocalMachine
Every other step after the creation of a self-signed certificate will be the same. Note that this blog is not to be followed is you have bought an SSL certificate.

Labels:

Comments

Post a Comment

Let me know your comments below. I'll try my best to answer your comment

Popular posts from this blog

Something went wrong. An Error occurred - Error Resolution

Introduction: With the installation of NAV 2018 or BC On-premise, I have observed that when creating New Server Instance and New WebServer Instance, you will get the error 'Something went wrong. An Error occurred '. I referred to the community questions below but didn't find my resolution. Hence, I decided to write this blog. Pre-requisites: Microsoft Dynamics Business Central - On-Premise / NAV 2018 Understanding of Business Central Authentication  Books & References: https://community.dynamics.com/nav/f/microsoft-dynamics-nav-forum/261301/nav-2018-web-client-an-error-has-occurred https://community.dynamics.com/business/f/dynamics-365-business-central-forum/421987/error-something-went-wrong-an-error-has-occurred-azure-ad-tenant Demonstration: 1. Creation of NAVServerInstance: In order to create NAVServerInstance, you can either add the Server Instance through Business Central Administration or Powershell command. Add Instance - Business Central Administration Add Insta...
Post a Comment
Read more

How to resolve 'Edit in Excel' issues

  Introduction: As you know that D365 BC offers Edit in Excel functionality. But manipulating or customizing such a  standard functionality is difficult as there is not much control available. Hence, solving issues is also a difficult task. I will be resolving the issue for this specific issue, however, the debugging steps are similar. Pre- requisites : ODATA V4 Connectivity tool for Webservices Microsoft Dynamics 365 Business Central Books & References: https://community.dynamics.com/business/f/dynamics-365-business-central-forum/448226/issue-with-excel-add-in/ Demonstration: The way Edit in Excel works is that for a given page a Webservice is created adding PageID and Page Name. Hence, there are some Webservice connectivity checks in place to validate. 1. Edit in Excel Custom Action on the page: If you are adding Edit in Excel Action on the page, please ensure that you are providing appropriate PageName and Filter criteria as Webservice is using these parameters Refer Ed...
Post a Comment
Read more

Installing LS Central - POS on local machine

Introduction: In this blog, I'm attempting to capture the LS Central - POS installation process on Local Machine. This blog has nothing to do LS Central - Server Setup for POS. LS Retail / LS Central - On Premise POS Pre- requisites : LS Central Installed on Server SSL Setup on LS Server (https://www.olisterr.tech/2020/03/how-to-setup-navuserpassword-with-ssl.html) LS - POS Installer Business Central - On Premise Installer Demonstration: Once your LS Retail / LS Central POS is setup on the main server. Just prior to Go-Live, you will actually have to install this POS on multiple systems and connect these POS to the main server with LS Retail / LS Central. 0.Preparation: Prior to actually installing Business Central On-Premise Windows Client, you need to make sure that you're able to ping the target with the correct Port number. For this I made use of PS-Ping tool.  PSPing - IP Address: Port If you're unable to PS-Ping the correct IP with Port number, simply check the Advan...
Post a Comment
Read more