Dynamics Community Forum Thread Details

Service tier might load a different certificate since 16.4 and log an error like: Configuration setting 'DnsIdentity' has an invalid value

Microsoft Dynamics 365 Business Central development team has introduced with 16.4 a new configuration parameter, in addition to the existing ones, to get or set the certificate common name (or Subject)

The scope and intention of this key was to be used with SaaS (per se or Embedded Apps).

Since 16.4, it might happen that service tier is loading another certificate than the one that has been configured or setup if the common name has not been specified. This lead to web client not able to connect anymore

And an error in the application log like

Error accessing Website
Type: Microsoft.Dynamics.Nav.Types.NavServerNotFoundException
Message: The client could not establish a connection to the Microsoft Dynamics 365 Business Central Server.
Reason = "Configuration setting 'DnsIdentity' has an invalid value"
Description = "The Identity check failed for the outgoing message. The remote endpoint did not provide a domain name system (DNS) claim and therefore did not satisfied DNS identity 'XXXXXXXX'. This may be caused by lack of DNS or CN name in the remote endpoint X.509 certificate's distinguished name."A server was not found at "YYYYYYYY". Either the URL is incorrect or the server is currently not available.
StackTrace:

The same issue has also been reported in this community post

https://community.dynamics.com/business/f/dynamics-365-business-central-forum/401886/bc16-service-uses-tenantencryptioncert-for-some-reason

The potential mitigation to resolve this issue is to add the following key in the customsettings.config file

<add key="ServicesCertificateCommonName" value="<SubjectName" />

Where SubjectName is the Subject Name of the certificate as shown below