Certificates in D365 on prem environment

Microsoft Dynamics AX Forum

Hafiz Usama asked a question on 17 May 2018 2:19 AM

Question Status

Verified

Hi,

I am setting up a UAT environment for on prem. For the deployment, one runs many scripts and these scripts create self-signed certificates, and then the thumbprints are used later on.

I was just wondering what I would do for production? We definitely cannot use self-signed as they expire after a year.

So where do I get certificates from? And how do I deal with them, as currently certificates do the job?

Any help will be highly appreciated.

Hafiz Usama responded on 17 May 2018 2:49 AM
Verified Answer

I found the below article from Sohaib; it gives the details about how to increase the expiry date, but I still have a question. What if I use self-signed certificates for the production environment, what will be the problem?

community.dynamics.com/.../configuring-certificates-for-d365-on-perm-installation

Sohaib Cheema responded on 17 May 2018 2:51 AM

Microsoft has recommended a few names of certificate providers for production systems. You can buy from certificate providers for your production instances. The purchased certificates' thumbprints can be added in the configuration file of prod, so rather than recreating those it will use the existing (purchased) ones.

For UAT or sandbox, by default it generates for 1 year. I personally don't like that 1 year time, and then it will prompt me for expiry after one year. For my UAT or sandboxes, I usually increase the timing from 1 year to my preferred time.

Hafiz Usama responded on 17 May 2018 3:07 AM

Sohaib! What about the production? What is wrong with using a self-signed cert on prod?

Sohaib Cheema responded on 17 May 2018 3:13 AM
Verified Answer

Simply, it is not recommended by Microsoft for prod.

Otherwise, technically, it would not stop you from doing the installation. Even with your self-signed certificates it should allow you to do the installation of prod.

I have seen prod installations with self-signed certificates, in some countries.

I am not a decision maker here :) so it is the decision of the individual organization how they want to proceed with the installation of prod. Maybe some organizations can be super rich to buy certs for UAT also. So it's kind of a personal decision. If you want to hear the Microsoft recommendation, they would say buy those from an authentic cert provider.

Jelle de Haas responded on 18 May 2018 4:23 AM

I've asked the question to our FastTrack liaison, and his answer:

  • For Self-signed certificates, we are working on publishing some guidance on the renewal process. Remind me about this in a month or so, and I will check with the product team again.
  • For Certificates you purchase from a certification authority, you can renew them by contacting the certification authority.

Doesn't answer the question. For PROD I will need to provide the client with a robust and verified procedure for renewing them.

kashifvirgoo responded on 13 Aug 2018 1:54 AM

Hi,

Have you been able to find out the procedure to update thumbprints of expired certificates?
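
The thread turns on certificates that are referenced by thumbprint and expire after a year, so a check that reports which referenced thumbprints are missing, expired, close to expiry or self-signed is a useful starting point for any renewal procedure. The following is an added example, not code from the thread or from Microsoft's deployment scripts; the function name `Get-CertExpiryReport`, the `Cert:\LocalMachine\My` store location and the sample thumbprints are assumptions to adapt to your environment.

```powershell
# Added example: audit the certificates a deployment references by thumbprint.
# Get-CertExpiryReport is a hypothetical helper name, not part of any product.
function Get-CertExpiryReport {
    [CmdletBinding()]
    param(
        # Thumbprints as they appear in your deployment configuration.
        [Parameter(Mandatory)][string[]]$Thumbprint,
        # Assumed store location; change it if your certificates live elsewhere.
        [string]$StorePath = 'Cert:\LocalMachine\My',
        [int]$WarnDays = 60
    )
    $now = Get-Date
    # Index the store once, keyed by thumbprint.
    $store = @{}
    Get-ChildItem -Path $StorePath | ForEach-Object { $store[$_.Thumbprint] = $_ }

    foreach ($raw in $Thumbprint) {
        # Copy/paste from the certificate UI can add spaces or invisible
        # characters; keep hex digits only so the lookup does not silently miss.
        $tp = ($raw -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
        $cert = $store[$tp]
        if (-not $cert) {
            [pscustomobject]@{ Thumbprint = $tp; Status = 'MissingFromStore'
                SelfSigned = $null; NotAfter = $null; DaysLeft = $null; Subject = $null }
            continue
        }
        $daysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)
        $status = if ($daysLeft -lt 0) { 'Expired' } elseif ($daysLeft -le $WarnDays) { 'ExpiringSoon' } else { 'OK' }
        [pscustomobject]@{
            Thumbprint = $tp
            Status     = $status
            # Subject equal to Issuer is the usual marker of a self-signed cert.
            SelfSigned = ($cert.Subject -eq $cert.Issuer)
            NotAfter   = $cert.NotAfter
            DaysLeft   = $daysLeft
            Subject    = $cert.Subject
        }
    }
}

# Constructed placeholder thumbprints; replace with the ones from your own config.
$configured = @(
    '00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33',
    'FFEEDDCCBBAA99887766554433221100FFEEDDCC'
)
Get-CertExpiryReport -Thumbprint $configured -WarnDays 90 |
    Sort-Object DaysLeft | Format-Table -AutoSize
```

Run it on each node that holds the certificates, from a scheduled task if you want advance warning; a `MissingFromStore` row means the configuration references a thumbprint that node does not have.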
