Setting Up SSL for Web Services on Dynamics NAV 2009 R2 and Server 2008 R2

NOTE: For the purposes of this blog, we will be using the port 7047; however, you can use any port configured for your Web Service.

Requirements

  • Existing Microsoft Dynamics NAV Web Services
  • SSL Certificate installed in Personal Certificates
  • Administrative rights to server

Configure Web Service to use SSL

  1. Run Notepad as Administrator and open the CustomSettings.config file on the computer where the Microsoft Dynamics NAV Server is installed. The default location is:

    “C:\Program Files\Microsoft Dynamics NAV\Service\CustomSettings.config”

  2. Locate the key:

    <add key="WebServiceSSLEnabled" value="false"></add>

    and change the value from false to true:

    <add key="WebServiceSSLEnabled" value="true"></add>

  3. Open the Services snap-in by going to Administrative Tools > Services.
  4. Restart the Microsoft Dynamics NAV Business Web Services service.

Import the SSL Certificate into the local computer store

If you already have the Certificates snap-in, open it and skip to step 8.

  1. Go to the Start menu and click Run.
  2. Type mmc and click OK.
  3. On the File menu, click Add/Remove Snap-in.
  4. Locate the Certificates Snap-In and click Add.
  5. Select Computer Account and click Finish.
  6. Select Local Computer and click Finish.
  7. Click OK to close the Add or Remove Snap-ins window.
  8. In the left pane of the console, expand Certificates (Local Computer).
  9. Right-click on Personal and click Import.
  10. When the wizard opens, click Next.
  11. Browse to your certificate and click Next.
  12. If the certificate has a password, enter it and click Next.
  13. Select Place all certificates in the following store and click Next.
  14. Click Finish, then OK to confirm that the import was successful.

Obtain the Certificate’s Thumbprint

  1. In the Certificates snap-in, expand the Personal folder and select Certificates.
  2. Locate the certificate you wish to use and double-click it.
  3. In the certificate window, click on Details.
  4. In the Details pane, scroll down to find the Thumbprint field.
  5. Copy the text to a text editor and remove all spaces. Save this for later.

Figure 1. Certificate window with Details pane displayed and the Thumbprint field highlighted.
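
The copy-and-clean step above can also be done in PowerShell, which additionally confirms that the certificate in the Local Computer > Personal store has a private key and is within its validity period before it is bound to a port. This is an added example, not part of the original post; the function names and the sample thumbprint are constructed for illustration.

```powershell
# Added example (not from the original post). Function names are hypothetical.

function ConvertTo-CleanThumbprint {
    param([string]$Raw)
    # Keep hex digits only. This drops the spaces shown in the Details pane
    # and any invisible characters that came along with the copy.
    $clean = ($Raw -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($clean.Length -ne 40) {
        throw "Expected 40 hex characters (SHA-1 thumbprint), got $($clean.Length)."
    }
    $clean
}

function Get-BindingCertificateStatus {
    param([string]$Thumbprint)
    # Look in the Local Computer > Personal store used in the import steps.
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint }
    if (-not $cert) {
        throw "No certificate with thumbprint $Thumbprint in LocalMachine\My."
    }
    $now = Get-Date
    New-Object PSObject -Property @{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        # An SSL binding needs the private key, not just the public certificate.
        HasPrivateKey = $cert.HasPrivateKey
        InValidity    = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        NotAfter      = $cert.NotAfter
    }
}

# Constructed sample value, pasted the way the Thumbprint field displays it.
$pasted = '00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33'
$thumb  = ConvertTo-CleanThumbprint $pasted
$thumb

# On the NAV server, pass the thumbprint of the imported certificate:
# Get-BindingCertificateStatus -Thumbprint $thumb
```

A certificate that reports HasPrivateKey as False was imported without its key and cannot be used for the port binding later in this post.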
 

Configure the server’s Access Control List and the Web Services Port

  1. Open a command prompt window with elevated (administrative) rights.
  2. If the service is already running and configured, you will need to remove its entries.
  3. Run the following command to show all port mappings for the server:
    netsh http show urlacl
  4. The system should return a list of ports and you should see one registered to DynamicsNAV: http://+:7047/DynamicsNAV/

Figure 2. The + after the http signifies localhost

  5. You will need to delete all entries associated with the port for DynamicsNAV. In the example above you see both http://+:7047/ and http://+:7047/DynamicsNAV.

    Both will need to be removed.
  6. Remove them by using the following command:

    netsh http delete urlacl url={your url here}

    Replace {your url here} with the URL from the previous command, e.g., http://+:7047/
  7. You will now need to register the service back with a URL using https. Run the following command to add the base service:

    netsh http add urlacl url=https://+:7047/ sddl=D:(A;;GX;;;NS)(A;;GX;;;BA)

    If your port is not 7047, you can adjust the URL to your needs. Make sure that https is set in the URL.
  8. Run the following command to register the DynamicsNAV web service port:

    netsh http add urlacl url=https://+:7047/DynamicsNAV/ user={your service username}

    Replace {your service username} with your service user account, e.g., CONTOSO\navservices

    Notice that to register the base port, I used “sddl,” and for the Web Service Port, I used “user.” You can use “sddl” for both; however, in order to do so, you will need to get the Active Directory SID of the user. The format will be as follows:

    D:(A;;GX;;;{user SID here})

Configure the port to use the SSL Certificate

  1. Verify that the port you wish to use does not already have an SSL certificate assigned to it by typing the following:

    netsh http show sslcert
  2. If you see any entry where the IP:port is bound to the same port as your Web Service, you will want to remove it by typing the following:

    netsh http delete sslcert ipport=0.0.0.0:{your port here}
  3. Register your SSL certificate to your Web Service port with the following:

    netsh http add sslcert ipport=0.0.0.0:{your port here} certhash={certificate thumbprint here} appid={00000000-0000-6002-0022-0000836BD2D2}

    Make sure to replace {your port here} and {certificate thumbprint here} with your own values. The appID is any valid GUID in your system. The example above is the GUID for the NAV Server.
  4. Restart the Microsoft Dynamics NAV Business Web Services service.
  5. Test the service by going to the following address in your web browser:

    https://localhost:7047/DynamicsNAV/WS/Services
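
Besides loading the page in a browser, you can confirm that the listener on the port actually serves the certificate you bound, by comparing the thumbprint it presents with the one saved earlier. This is an added example, not part of the original post; the function names are hypothetical, and localhost and port 7047 are the defaults used throughout this blog.

```powershell
# Added example (not from the original post). Function names are hypothetical.

function Get-EndpointThumbprint {
    param([string]$HostName = 'localhost', [int]$Port = 7047)
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Trust is not evaluated here; the callback only lets the handshake
        # finish so the presented certificate can be read and compared.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $cert.Thumbprint
    }
    finally {
        $client.Close()
    }
}

function Test-SslBinding {
    param(
        [string]$ExpectedThumbprint,
        [string]$HostName = 'localhost',
        [int]$Port = 7047
    )
    # Normalize the expected value the same way it was cleaned for netsh.
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    $served   = Get-EndpointThumbprint -HostName $HostName -Port $Port
    New-Object PSObject -Property @{
        Endpoint = "${HostName}:$Port"
        Expected = $expected
        Served   = $served
        Match    = ($served -eq $expected)
    }
}

# Run on the NAV server after the service restart:
# Test-SslBinding -ExpectedThumbprint '<thumbprint saved earlier>'
```

If Match is False, a different certificate is bound to the port; re-check the output of netsh http show sslcert for that ipport.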

If you have any further questions about this or other development questions, please contact one of our development experts at ArcherPoint. If you found this blog helpful, check out our collection of Development Blogs.
