web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics AX (Archived) / SSL Certificates in D3...
Microsoft Dynamics AX (Archived)
Answered

SSL Certificates in D365 on-premise

(0) ShareShare
ReportReport
Posted on by Victor123 214

Hi Guys,

Could someone explain more about required SSL certificates for an on-premise deployment?

  • How many do you need for Production? Can you use 1 certificate for multiple purposes?
  • Is "Wildcard" certificate required for Service Fabric? 
  • What is the best approach for Test environment? Can some Production certificates be reused?
  • How about deployment on local domain? I have heard that CA can't issue a certificate to a not publicly registered address.

Thanks in advance!

*This post is locked for comments

I have the same question (0)
  • Victor123 Profile Picture
    Victor123 214 on at

    Anyone?

  • Suggested answer
    BorisD Profile Picture
    BorisD 2,826 Moderator on at

    Hello Victor123,

    See link below, scroll down to Overview and click 2. Plan and acquire your certificates.

    docs.microsoft.com/.../setup-deploy-on-premises-pu12

  • Victor123 Profile Picture
    Victor123 214 on at

    Hi Boris,

    Thank you for your response.

    I already read this instruction, but it doesn't answer my questions which I provided, only gives some (not very clear) requirements.

  • Verified answer
    BorisD Profile Picture
    BorisD 2,826 Moderator on at

    Hello Victor123,

    Please find my answers to your questions below.

    How many do you need for Production? You need a Cert for all items listed below.

    SQL Server SSL certificate

    Service Fabric Server certificate

    Service Fabric Client certificate

    Encipherment Certificate

    AOS SSL Certificate

    Session Authentication certificate

    Data Encryption certificate

    Data Signing certificate

    Financial Reporting client certificate

    Reporting certificate

    On-Premise local agent certificate

    RDS Server

    Can you use 1 certificate for multiple purposes? It depends on which cert. for example, You can use your domain wildcard cert, if you have one, for your Service Fabric Server certificate by adding it as a SAN. That's The root domain must match.

    Is "Wildcard" certificate required for Service Fabric? No, but one can be used.

    What is the best approach for Test environment? Normally, in the test environments Self Signed certs are used to save money.

    Can some Production certificates be reused? It depends, If you want to use a wild card cert and you have added the test server as a SAN on the wild card cert, then it can be reused for that purpose.

    How about deployment on local domain? I have heard that CA can't issue a certificate to a not publicly registered address.

    This is correct, if the domain name doesn't belong to you, you will not be able to acquire a CA cert. However, you will be able to create self signed certs if it is a test environment.

    I hope this helps!

  • Victor123 Profile Picture
    Victor123 214 on at

    Hi Boris,

    Much appreciated for your answers!

    Could you please answer few more?

    1) If we are planning to have a Production environment on a local domain, can we use self-signed certificates for Production?

    2) As I know, when buying certificate from CA it must contain DNS address. Which address should be specified in (Data Encryption, Data Signing, Financial Reporting, On-Premise local agent and etc.) certificates?

  • Verified answer
    BorisD Profile Picture
    BorisD 2,826 Moderator on at

    Hello Victor,

    Self-signed certificates should only be used for testing purposes. Microsoft recommends that you use a publicly registered domain name for your production installation of AOS. If you don't own your domain name, you might want to think about deploying your AX on a new publicly registered domain.

    A DNS record is not a requirement to purchase a CA cert. What is required is  a unique IP address. this is usually the static IP address assigned to your organizations from your ISP.

    A CSR is needed, This is a certificate signing request generated from your IIS server.

    Correct contact information in WHOIS record.

    Business/Organization validation documents.

    Once you have chosen which CA you will go with. You can contact them and they can help you and let you know exactly what information they need from you for the deferent certs needed.

    I have included some additional links below for you to review that I believe will help you in your deployment.

    community.dynamics.com/.../281127

    sinedax.blogspot.com/.../microsoft-dynamics-365-for-finance-and.html

    sinedax.blogspot.com/.../microsoft-dynamics-365-for-finance-and_26.html

    Hope this helps!

  • Victor123 Profile Picture
    Victor123 214 on at

    Hi Boris,

    Thank you for your answers, they will definitely help!

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics AX (Archived)

#1
Martin Dráb Profile Picture

Martin Dráb 4 Most Valuable Professional

#1
Priya_K Profile Picture

Priya_K 4

#3
MyDynamicsNAV Profile Picture

MyDynamicsNAV 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans