Check out the latest Commerce updates!Learn about the key capabilities and features of Dynamics 365 Commerce and experience some of the new features.
Download overview guide | Watch Commerce video
2020 release wave 1 Discover the latest updates and new features to Dynamics 365 planned through September 2020
Release overview guides and videos Release Plan | Preview 2020 Release Wave 1 Timeline
Ace your Dynamics 365 deployment with packaged services delivered by expert consultants. | Explore service offerings
Connect with the ISV success team on the latest roadmap, developer tool for AppSource certification, and ISV community engagements | ISV self-service portal
The FastTrack program is designed to help you accelerate your Dynamics 365 deployment with confidence.
FastTrack Program | Finance TechTalks | Customer Engagement TechTalks | Upcoming TechTalks
In Norway it is a legal requirement that transactions from POS systems are digitally signed. For this a certificate is used.
We have an environment upgraded to 10.0.8. The certificate is stored in Azure Key Vault, and we have defined the secret in D365FO key vault parameters.
In Commerce Runtime we have an extension that uses a CRT API for retrieving the certificate from KeyVault. We use the following code for getting the certificate.
var getCertRequest = new GetUserDefinedSecretCertificateServiceRequest("SigningCertificate");
string getCertStringResponse = request.RequestContext.Execute<GetUserDefinedSecretStringValueServiceResponse>(getCertRequest).SecretStringValue;
certificate = new X509Certificate2(Convert.FromBase64String(getCertStringResponse));
The certificate is returned, but without the private key. The private key is needed for the signing of the transaction data.
Have you used this API, or used another way of getting a certificate from Azure Key Vault in a CRT extension?
I have also tried to use GetUserDefinedSecretStringValueServiceRequest which returns the certificte as a string. This throws an error in core CRT when converting the certificate to System.String.
Does this issue only happened after upgrade to 10.0.8? Is there any ENV working fine after upgrade to 10.0.8?
There are 2 request-response pairs:
In the code you provided GetUserDefinedSecretCertificateServiceRequest is executed, but response it casted to GetUserDefinedSecretStringValueServiceResponse - that will not work, because CRT will return GetUserDefinedSecretCertificateServiceResponse.
If you need GetUserDefinedSecretStringValueServiceResponse with String value, execute GetUserDefinedSecretStringValueServiceRequest
------ some more thoughts ----
Thanks for your response to my question :-)
I have learned that Microsoft will release a permanant solution to the digital signing on transactions in July 2020. This information can be found in the 2020 release wave 1 documention. I understand that it will be built into the standard application, no extensions will be required.
I have created a temporary solution that works. In a CRT extension I get the certificate directly from Azure KeyVault. This way I am getting the private key used for signing.
This will be a temporary solution until the new solution for this is released.
We have a solution for this now. The problem was related to the activation of Retail Cloud Scale Unit, not version 10.0.8.
Business Applications communities