Skip to main content

Notifications

Announcements

No record found.

Microsoft Dynamics AX (Archived)

SSL Certificates in D365 on-premise

Posted on by 210

Hi Guys,

Could someone explain more about required SSL certificates for an on-premise deployment?

  • How many do you need for Production? Can you use 1 certificate for multiple purposes?
  • Is "Wildcard" certificate required for Service Fabric? 
  • What is the best approach for Test environment? Can some Production certificates be reused?
  • How about deployment on local domain? I have heard that CA can't issue a certificate to a not publicly registered address.

Thanks in advance!

*This post is locked for comments

  • Victor123 Profile Picture
    Victor123 210 on at
    RE: SSL Certificates in D365 on-premise

    Hi Boris,

    Thank you for your answers, they will definitely help!

  • Verified answer
    BorisD Profile Picture
    BorisD 2,826 on at
    RE: SSL Certificates in D365 on-premise

    Hello Victor,

    Self-signed certificates should only be used for testing purposes. Microsoft recommends that you use a publicly registered domain name for your production installation of AOS. If you don't own your domain name, you might want to think about deploying your AX on a new publicly registered domain.

    A DNS record is not a requirement to purchase a CA cert. What is required is  a unique IP address. this is usually the static IP address assigned to your organizations from your ISP.

    A CSR is needed, This is a certificate signing request generated from your IIS server.

    Correct contact information in WHOIS record.

    Business/Organization validation documents.

    Once you have chosen which CA you will go with. You can contact them and they can help you and let you know exactly what information they need from you for the deferent certs needed.

    I have included some additional links below for you to review that I believe will help you in your deployment.

    community.dynamics.com/.../281127

    sinedax.blogspot.com/.../microsoft-dynamics-365-for-finance-and.html

    sinedax.blogspot.com/.../microsoft-dynamics-365-for-finance-and_26.html

    Hope this helps!

  • Victor123 Profile Picture
    Victor123 210 on at
    RE: SSL Certificates in D365 on-premise

    Hi Boris,

    Much appreciated for your answers!

    Could you please answer few more?

    1) If we are planning to have a Production environment on a local domain, can we use self-signed certificates for Production?

    2) As I know, when buying certificate from CA it must contain DNS address. Which address should be specified in (Data Encryption, Data Signing, Financial Reporting, On-Premise local agent and etc.) certificates?

  • Verified answer
    BorisD Profile Picture
    BorisD 2,826 on at
    RE: SSL Certificates in D365 on-premise

    Hello Victor123,

    Please find my answers to your questions below.

    How many do you need for Production? You need a Cert for all items listed below.

    SQL Server SSL certificate

    Service Fabric Server certificate

    Service Fabric Client certificate

    Encipherment Certificate

    AOS SSL Certificate

    Session Authentication certificate

    Data Encryption certificate

    Data Signing certificate

    Financial Reporting client certificate

    Reporting certificate

    On-Premise local agent certificate

    RDS Server

    Can you use 1 certificate for multiple purposes? It depends on which cert. for example, You can use your domain wildcard cert, if you have one, for your Service Fabric Server certificate by adding it as a SAN. That's The root domain must match.

    Is "Wildcard" certificate required for Service Fabric? No, but one can be used.

    What is the best approach for Test environment? Normally, in the test environments Self Signed certs are used to save money.

    Can some Production certificates be reused? It depends, If you want to use a wild card cert and you have added the test server as a SAN on the wild card cert, then it can be reused for that purpose.

    How about deployment on local domain? I have heard that CA can't issue a certificate to a not publicly registered address.

    This is correct, if the domain name doesn't belong to you, you will not be able to acquire a CA cert. However, you will be able to create self signed certs if it is a test environment.

    I hope this helps!

  • Victor123 Profile Picture
    Victor123 210 on at
    RE: SSL Certificates in D365 on-premise

    Hi Boris,

    Thank you for your response.

    I already read this instruction, but it doesn't answer my questions which I provided, only gives some (not very clear) requirements.

  • Suggested answer
    BorisD Profile Picture
    BorisD 2,826 on at
    RE: SSL Certificates in D365 on-premise

    Hello Victor123,

    See link below, scroll down to Overview and click 2. Plan and acquire your certificates.

    docs.microsoft.com/.../setup-deploy-on-premises-pu12

  • Victor123 Profile Picture
    Victor123 210 on at
    RE: SSL Certificates in D365 on-premise

    Anyone?

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Top 10 leaders for November!

Congratulations to our November super stars!

Tips for Writing Effective Suggested Answers

Best practices for providing successful forum answers ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,269 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,198 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans