Skip to main content

Update on Self-Signed Certificate Setup Process for NAV / Business Central

07/10/2020 - Update on Self-Signed Certificate Setup Process for NAV / Business Central 

As per my previous post on setting up NAVUserPassword here

Reference: 

https://community.dynamics.com/nav/b/dynamicsnavcloudfronts/posts/how-to-login-windows-client-and-web-client-using-navuserpassword-authentication-in-microsoft-dynamics-nav

If you have created a Certificate using the above PowerShell command and it gives error while starting the NAV / BC Instance with the error as follows:

*******************************************************

Server instance: DynamicsNAV100
Tenant: 
<ii>The service MicrosoftDynamicsNavServer$DynamicsNAV100 failed to start. This could be caused by a configuration error. Detailed error information: System.ArgumentException: It is likely that certificate 'CN=navision.southeastasia.cloudapp.azure.com' may not have a private key that is capable of key exchange or the process may not have access rights for the private key. Please see inner exception for detail. ---> System.Security.Cryptography.CryptographicException: Invalid provider type specified.

   at System.Security.Cryptography.Utils.CreateProvHandle(CspParameters parameters, Boolean randomKeyContainer)
   at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)
   at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()
   at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)
   at System.Security.Cryptography.X509Certificates.X509Certificate2.get_PrivateKey()
   at System.ServiceModel.Security.SecurityUtils.GetKeyContainerInfo(X509Certificate2 certificate)
   at System.ServiceModel.Security.SecurityUtils.CanKeyDoKeyExchange(X509Certificate2 certificate)
   at System.ServiceModel.Security.SecurityUtils.EnsureCertificateCanDoKeyExchange(X509Certificate2 certificate)
   --- End of inner exception stack trace ---
   at System.ServiceModel.Security.SecurityUtils.EnsureCertificateCanDoKeyExchange(X509Certificate2 certificate)
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateServerX509TokenProvider()
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateLocalSecurityTokenProvider(RecipientServiceModelSecurityTokenRequirement recipientRequirement)
   at System.ServiceModel.Security.ServiceCredentialsSecurityTokenManager.CreateSecurityTokenProvider(SecurityTokenRequirement requirement)
   at System.ServiceModel.Channels.SslStreamSecurityUpgradeProvider.CreateServerProvider(SslStreamSecurityBindingElement bindingElement, BindingContext context)
   at System.ServiceModel.Channels.ConnectionOrientedTransportChannelListener..ctor(ConnectionOrientedTransportBindingElement bindingElement, BindingContext context)
   at System.ServiceModel.Channels.TcpChannelListener..ctor(TcpTransportBindingElement bindingElement, BindingContext context)
   at System.ServiceModel.Channels.TcpTransportBindingElement.BuildChannelListener[TChannel](BindingContext context)
   at System.ServiceModel.Channels.SessionChannelDemuxer`2..ctor(BindingContext context, TimeSpan peekTimeout, Int32 maxPendingSessions)
   at System.ServiceModel.Channels.ChannelDemuxer.CreateTypedDemuxer(Type channelType, BindingContext context)
   at System.ServiceModel.Channels.ChannelDemuxer.GetTypedDemuxer(Type channelType, BindingContext context)
   at System.ServiceModel.Channels.ChannelDemuxer.BuildChannelListener[TChannel](BindingContext context, ChannelDemuxerFilter filter)
   at System.ServiceModel.Channels.ChannelBuilder.BuildChannelListener[TChannel]()
   at System.ServiceModel.Channels.ChannelBuilder.BuildChannelListener[TChannel](MessageFilter filter, Int32 priority)
   at System.ServiceModel.Channels.SecurityChannelListener`1.InitializeListener(ChannelBuilder channelBuilder)
   at System.ServiceModel.Channels.TransportSecurityBindingElement.BuildChannelListenerCore[TChannel](BindingContext context)
   at System.ServiceModel.Channels.ReliableChannelListener`3..ctor(ReliableSessionBindingElement binding, BindingContext context)
   at System.ServiceModel.Channels.ReliableListenerOverSession`5..ctor(ReliableSessionBindingElement binding, BindingContext context)
   at System.ServiceModel.Channels.ReliableListenerOverDuplexSession`2..ctor(ReliableSessionBindingElement binding, BindingContext context)
   at System.ServiceModel.Channels.ReliableSessionBindingElement.BuildChannelListener[TChannel](BindingContext context)
   at Microsoft.Dynamics.Nav.Types.Channels.ChunkingBindingElement.BuildChannelListener[TChannel](BindingContext context)
   at System.ServiceModel.Channels.Binding.BuildChannelListener[TChannel](Uri listenUriBaseAddress, String listenUriRelativeAddress, ListenUriMode listenUriMode, BindingParameterCollection parameters)
   at System.ServiceModel.Description.DispatcherBuilder.MaybeCreateListener(Boolean actuallyCreate, Type[] supportedChannels, Binding binding, BindingParameterCollection parameters, Uri listenUriBaseAddress, String listenUriRelativeAddress, ListenUriMode listenUriMode, ServiceThrottle throttle, IChannelListener& result, Boolean supportContextSession)
   at System.ServiceModel.Description.DispatcherBuilder.BuildChannelListener(StuffPerListenUriInfo stuff, ServiceHostBase serviceHost, Uri listenUri, ListenUriMode listenUriMode, Boolean supportContextSession, IChannelListener& result)
   at System.ServiceModel.Description.DispatcherBuilder.InitializeServiceHost(ServiceDescription description, ServiceHostBase serviceHost)
   at System.ServiceModel.ServiceHostBase.InitializeRuntime()
   at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at Microsoft.Dynamics.Nav.WindowsServices.NavServerWindowsService.StartWcfServices()
   at Microsoft.Dynamics.Nav.WindowsServices.NavServerWindowsService.Start(String commandLineServiceInstanceName).</ii>

*******************************************************

This can be resolved by creating a certificate using the method below.
  • Download Self-signed certificate generator (PowerShell) from Technet.
  • Open Windows Powershell ISE as administrator.
  • Go to the directory where you saved the New-SelfSignedCertificateEx.ps1 file.
  • Run the following command:
    Import-Module .\New-SelfSignedCertificateEx.ps1.
    New-SelfSignedCertificateEx –Subject “CN=<your site name>” –IsCA $true –Exportable –StoreLocation LocalMachine
Every other step after the creation of a self-signed certificate will be the same. Note that this blog is not to be followed is you have bought an SSL certificate.

Comments

Popular posts from this blog

Something went wrong. An Error occurred - Error Resolution

Introduction: With the installation of NAV 2018 or BC On-premise, I have observed that when creating New Server Instance and New WebServer Instance, you will get the error 'Something went wrong. An Error occurred '. I referred to the community questions below but didn't find my resolution. Hence, I decided to write this blog. Pre-requisites: Microsoft Dynamics Business Central - On-Premise / NAV 2018 Understanding of Business Central Authentication  Books & References: https://community.dynamics.com/nav/f/microsoft-dynamics-nav-forum/261301/nav-2018-web-client-an-error-has-occurred https://community.dynamics.com/business/f/dynamics-365-business-central-forum/421987/error-something-went-wrong-an-error-has-occurred-azure-ad-tenant Demonstration: 1. Creation of NAVServerInstance: In order to create NAVServerInstance, you can either add the Server Instance through Business Central Administration or Powershell command. Add Instance - Business Central Administration Add Insta

Universal Code Error and Resolution

Introduction: On Friday, May 12th, 2023, the Business Central On-Premise Production Environments started throwing universal code errors as follows. This occurred to every customer on a lower version of BC 19,20 and 21 irrespective of their localization, customization, and license. Pre-requisites:  Understanding of Technical Upgrade in Business Central On-Prem References: BC20 On prem. Universal Code requirement error after installing customer's license. - Dynamics 365 Business Central Forum Community Forum (40) Yammer : Dynamics 365 Business Central Development : View Conversation Root Cause: The certificate that signs Microsoft Base Application was expired. Errors started occurring if you Uninstalled, Installed Extensions, Restart Server Instances or for some even out of random started popping out. We first thought could be a license issue as we had fixed that before but this did not solve the issue. Resolution: Microsoft identified the issue and posted the following update The mi

How to resolve 'Edit in Excel' issues

  Introduction: As you know that D365 BC offers Edit in Excel functionality. But manipulating or customizing such a  standard functionality is difficult as there is not much control available. Hence, solving issues is also a difficult task. I will be resolving the issue for this specific issue, however, the debugging steps are similar. Pre- requisites : ODATA V4 Connectivity tool for Webservices Microsoft Dynamics 365 Business Central Books & References: https://community.dynamics.com/business/f/dynamics-365-business-central-forum/448226/issue-with-excel-add-in/ Demonstration: The way Edit in Excel works is that for a given page a Webservice is created adding PageID and Page Name. Hence, there are some Webservice connectivity checks in place to validate. 1. Edit in Excel Custom Action on the page: If you are adding Edit in Excel Action on the page, please ensure that you are providing appropriate PageName and Filter criteria as Webservice is using these parameters Refer Editworkshe