Skip to main content

Notifications

Small and medium business | Business Central, N...
Suggested answer

The X.509 certificate usage time is invalid.

Posted on by

In our BC environments we are facing "The X.509 certificate usage time is invalid." issues.

We see the below errors when we look at the logs for the BC container

 The Service Principal Name (Delegation) configuration has been set incorrectly. Server connect URL: "net.tcp://localhost:7046/BC/Service". SPN Identity: "DynamicsNAV/localhost:7046"
  The X.509 certificate (CN=BCCloudLatest; 6D23034CD2CA6D6C832867228F1A67BEA0E883B2) usage time is invalid.  The usage time '2/24/2023 9:05:44 AM' does not fall between NotBefore time '2/10/2022 1:37:09 PM' and NotAfter time '2/10/2023 1:57:09 PM'. The X.509
 certificate CN=BCCloudLatest; 6D23034CD2CA6D6C832867228F1A67BEA0E883B2 chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A required certificate is
 not within its validity period when verifying against the current system clock or the timestamp in the signed file. 

Where do we get the new certificate from? How do we renew it for BC instance which is in a container?

  • Suggested answer
    DAnny3211 Profile Picture
    DAnny3211 9,272 Super User 2024 Season 1 on at
    RE: The X.509 certificate usage time is invalid.

    hi

    look this

    learn.microsoft.com/.../troubleshooting-x509-certificate-error

    DAniele

  • Juan K Profile Picture
    Juan K on at
    RE: The X.509 certificate usage time is invalid.

    Hi Bhavani,

    I added the source, where the container's dev is replying to those questions.  Please access the link and add your additional questions.  You will receive the most accurate response there.

    Regards,

    Juan B

  • RE: The X.509 certificate usage time is invalid.

    Hello Juan

    Thank you very much!

    The suggestion is to update script SetupCertificate.ps1 while creating new containers. But our issue is the cert on our existing containers expired. And is there a way we can renew it?

  • Suggested answer
    Juan K Profile Picture
    Juan K on at
    RE: The X.509 certificate usage time is invalid.

    Hi Bhavani,

    What you can do fairly simple is to download the setupCertificate.ps1 script (https://github.com/microsoft/nav-docker/blob/master/generic/Run/SetupCertificate.ps1) to a local file - add the -notAfter parameter to the script and specify the full path of the modified local SetupCertificate.ps1 to -myscripts - then you will override the certificate creation with your own version.

    Source: FEATURE REQUEST: Add SSL Cert. Validity Period Property to New-BcContainer · Issue #2913 · microsoft/navcontainerhelper · GitHub

    I hope it helps.

    Regards,

    Juan B.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Community AMA December 12th

Join us as we continue to demystify the Dynamics 365 Contact Center

New! Quick response templatesâš¡

Save time with the new custom templates!

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,188 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,030 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans