web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Supply chain | Supply Chain Management, Commerce / Getting certificate wi...
Supply chain | Supply Chain Management, Commerce
Unanswered

Getting certificate with private key from Azure Key Vault

(0) ShareShare
ReportReport
Posted on by Morten Lopen 85

Hi,

In Norway it is a legal requirement that transactions from POS systems are digitally signed. For this a certificate is used.

We have an environment upgraded to 10.0.8. The certificate is stored in Azure Key Vault, and we have defined the secret in D365FO key vault parameters.

In Commerce Runtime we have an extension that uses a CRT API for retrieving the certificate from KeyVault. We use the following code for getting the certificate.

X509Certificate2 certificate;

var getCertRequest = new GetUserDefinedSecretCertificateServiceRequest("SigningCertificate");

string getCertStringResponse = request.RequestContext.Execute(getCertRequest).SecretStringValue;

certificate = new X509Certificate2(Convert.FromBase64String(getCertStringResponse));

The certificate is returned, but without the private key. The private key is needed for the signing of the transaction data.

Have you used this API, or used another way of getting a certificate from Azure Key Vault in a CRT extension?

I have also tried to use GetUserDefinedSecretStringValueServiceRequest which returns the certificte as a string. This throws an error in core CRT when converting the certificate to System.String.

https://docs.microsoft.com/en-us/dynamics365/retail/dev-itpro/manage-secrets

Regards,

Morten Løpen

I have the same question (0)
  • Xusheng Profile Picture
    Xusheng on at

    Does this issue only happened after upgrade to 10.0.8? Is there any ENV working fine after upgrade to 10.0.8?

  • Oksana Kovaliova Profile Picture
    Oksana Kovaliova 3,597 on at

    Hi Morten,

    There are 2 request-response pairs:

    1. GetUserDefinedSecretCertificateServiceRequest   - GetUserDefinedSecretCertificateServiceResponse
    2. GetUserDefinedSecretStringValueServiceRequest - GetUserDefinedSecretStringValueServiceResponse

    In the code you provided GetUserDefinedSecretCertificateServiceRequest is executed, but response it casted to GetUserDefinedSecretStringValueServiceResponse - that will not work, because CRT will return GetUserDefinedSecretCertificateServiceResponse. 

    If you need GetUserDefinedSecretStringValueServiceResponse with String value, execute GetUserDefinedSecretStringValueServiceRequest  

    ------ some more thoughts ---- 

    1. Private key should be a part of X509Certificate2 object, received from GetUserDefinedSecretCertificateServiceRequest   
    2. There are 2 requests CertificateSignatureServiceRequest, CertificateEncryptionServiceRequest that you can try using for signing - they accept certificate details as input parameters

  • Morten Lopen Profile Picture
    Morten Lopen 85 on at

    Hi Oksana,

    Thanks for your response to my question :-)

    I have learned that Microsoft will release a permanant solution to the digital signing on transactions in July 2020. This information can be found in the 2020 release wave 1 documention. I understand that it will be built into the standard application, no extensions will be required.

    I have created a temporary solution that works. In a CRT extension I get the certificate directly from Azure KeyVault. This way I am getting the private key used for signing.

    This will be a temporary solution until the new solution for this is released.

  • Morten Lopen Profile Picture
    Morten Lopen 85 on at

    Hi Steven,

    We have a solution for this now. The problem was related to the activation of Retail Cloud Scale Unit, not version 10.0.8.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Supply chain | Supply Chain Management, Commerce

#1
Laurens vd Tang Profile Picture

Laurens vd Tang 271 Super User 2025 Season 2

#2
Siv Sagar Profile Picture

Siv Sagar 171 Super User 2025 Season 2

#3
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 130 Super User 2025 Season 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans