web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics NAV (Archived) / Using SSL certificate ...
Microsoft Dynamics NAV (Archived)

Using SSL certificate with Nav service and FQDN vs local

(0) ShareShare
ReportReport
Posted on by MartinMartin 57

Hi,

I have an Nav 2016 service that runs with an untrusted SSL (Navhost1.dom.local)

Credential type Username.

Works just fine - but the clients needs to have the certificate imported I order to start and logon the Navision client.

On the Nav server the SSL needs to have the computername (Navhost1.dom.local) in order to start.

But what do I do if I want to use an globally trusted SSL for example Navhost1.mydomain.com?

Do I need to rename my navserver and windows domain?

Have tried to use split DNS. Created an new zone mydomain.com with the host Navhost1 pointing to IP.

Does not work.

Can not find any info regarding this.

Best regards

Martin

*This post is locked for comments

I have the same question (0)
  • Suggested answer
    Community Member Profile Picture
    Community Member on at

    Hi,

    Refer following links

    saurav-nav.blogspot.in/.../microsoft-dynamics-nav-2016-how-to.html

    mibuso.com/.../implement-security-certificates-nav-2013

  • MartinMartin Profile Picture
    MartinMartin 57 on at

    Great links - thank you!

    Exactly what I was looking for.

    But, I am trying to use an globally trusted SSL to use with my NAV service.

    I can start the NAV service with an self generated SSL or the one from the link.

    But I can not start the service with an globaly trusted (Alpha SSL) - and I do not know whey.

    Get this error:

    Message:

    The security certificate that has the provided 'ServicesCertificateThumbprint' is not valid.

    Description = '[Subject]

    CN=Navhost1.mydomain.com, OU=Domain Control Validated, C=DK

    What can be the reason?

    The cert is an "Alpha SSL" but do I need to choose an deferent type of certificate?

  • Mouli Kaku Profile Picture
    Mouli Kaku 517 on at

    Hi Martin,

    I have a similar problem with Alpha SSL certificate , It suddenly stopped working . have you find any solution for that?

    Regards

    mouli

  • Community Member Profile Picture
    Community Member on at

    We have the same Problem. Working with self-signed but not with public certificate.

    Same error Code: The security certificate that has the provided 'ServicesCertificateThumbprint' is not valid.

    Description = '[Subject]CN=Navhost1.mydomain.com

    Somebody have a solution?

    Kind regards,

    Andre

  • Mouli Kaku Profile Picture
    Mouli Kaku 517 on at

    But I have Valid SSL certificate it is working from last 6 months but somehow today Nav has different plans and stopped working my error log shows

    Type: Microsoft.Dynamics.Nav.Types.NavSecurityNegotiationException

    Message: The Service Principal Name (Delegation) configuration has been set incorrectly. Server connect URL: "net.tcp://localhost:7046/DynamicsNAV90/Service". SPN Identity: "DynamicsNAV/localhost:7046"

    The X.509 certificate CN=*.MyDomain.Co.uk, OU=Domain Control Validated is not in the trusted people store. The X.509 certificate CN=*.mydomain.co.uk, OU=Domain Control Validated chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. The certificate is revoked.

  • MartinMartin Profile Picture
    MartinMartin 57 on at

    It does not work for me.

    If I use the (Alpha SSL) certificate on a clean installation, servers: NavHost1/NavDC1/NavSQL1 - it works!

    But not in my production, and I can simply not understand why...

  • Community Member Profile Picture
    Community Member on at

    I solved my problem by checking the firewall and webfilter.

    I can´t reach the certificate revocation list from ssl Provider and i was really confused because my http crl check works fine (you can find CRL-URL in Detail area of your SSL certificate).

    But the NST is working in context of NST Service Account which is not integrated in Webfilter and so the default webfilter policy blocked my crl check request to ssl Provider. Stupid, checked!?

    Reconfigure Webfilter / Firewall and no works like a charm. Essence for me: Do not only check CRL by using a browser request.

    Kind regards,

    Andre

  • Suggested answer
    Mouli Kaku Profile Picture
    Mouli Kaku 517 on at

    Actual Problem is the day I posted this message SSL provider disable all his existing SSL certificates so have to regenerate the new one and added and it worked!!!  

  • Iron Felix Profile Picture
    Iron Felix 80 on at

    Hi everyone,

    Andre C. how have you managed to calibrate nav server using wefilter proxy? We have a similar problem when trying to use a bought certificate or integrating with crm online

    Kind regards

  • Community Member Profile Picture
    Community Member on at

    Did you ever find a solution to this

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics NAV (Archived)

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans