Skip to main content

Notifications

Announcements

Check out the New Agent Creator Community
Announcing new navigation menus and the Engage with the Community forum!
News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Supply chain | Supply Chain Management, Commerce / Getting certificate wi...
Supply chain | Supply Chain Management, Commerce
Unanswered

Getting certificate with private key from Azure Key Vault

(0) ShareShare
ReportReport
Posted on by Morten Lopen 85

Hi,

In Norway it is a legal requirement that transactions from POS systems are digitally signed. For this a certificate is used.

We have an environment upgraded to 10.0.8. The certificate is stored in Azure Key Vault, and we have defined the secret in D365FO key vault parameters.

In Commerce Runtime we have an extension that uses a CRT API for retrieving the certificate from KeyVault. We use the following code for getting the certificate.

X509Certificate2 certificate;

var getCertRequest = new GetUserDefinedSecretCertificateServiceRequest("SigningCertificate");

string getCertStringResponse = request.RequestContext.Execute(getCertRequest).SecretStringValue;

certificate = new X509Certificate2(Convert.FromBase64String(getCertStringResponse));

The certificate is returned, but without the private key. The private key is needed for the signing of the transaction data.

Have you used this API, or used another way of getting a certificate from Azure Key Vault in a CRT extension?

I have also tried to use GetUserDefinedSecretStringValueServiceRequest which returns the certificte as a string. This throws an error in core CRT when converting the certificate to System.String.

https://docs.microsoft.com/en-us/dynamics365/retail/dev-itpro/manage-secrets

Regards,

Morten Løpen

  • Morten Lopen Profile Picture
    Morten Lopen 85 on at
    RE: Getting certificate with private key from Azure Key Vault

    Hi Steven,

    We have a solution for this now. The problem was related to the activation of Retail Cloud Scale Unit, not version 10.0.8.

  • Morten Lopen Profile Picture
    Morten Lopen 85 on at
    RE: Getting certificate with private key from Azure Key Vault

    Hi Oksana,

    Thanks for your response to my question :-)

    I have learned that Microsoft will release a permanant solution to the digital signing on transactions in July 2020. This information can be found in the 2020 release wave 1 documention. I understand that it will be built into the standard application, no extensions will be required.

    I have created a temporary solution that works. In a CRT extension I get the certificate directly from Azure KeyVault. This way I am getting the private key used for signing.

    This will be a temporary solution until the new solution for this is released.

  • Oksana Kovaliova Profile Picture
    Oksana Kovaliova 3,597 on at
    RE: Getting certificate with private key from Azure Key Vault

    Hi Morten,

    There are 2 request-response pairs:

    1. GetUserDefinedSecretCertificateServiceRequest   - GetUserDefinedSecretCertificateServiceResponse
    2. GetUserDefinedSecretStringValueServiceRequest - GetUserDefinedSecretStringValueServiceResponse

    In the code you provided GetUserDefinedSecretCertificateServiceRequest is executed, but response it casted to GetUserDefinedSecretStringValueServiceResponse - that will not work, because CRT will return GetUserDefinedSecretCertificateServiceResponse. 

    If you need GetUserDefinedSecretStringValueServiceResponse with String value, execute GetUserDefinedSecretStringValueServiceRequest  

    ------ some more thoughts ---- 

    1. Private key should be a part of X509Certificate2 object, received from GetUserDefinedSecretCertificateServiceRequest   
    2. There are 2 requests CertificateSignatureServiceRequest, CertificateEncryptionServiceRequest that you can try using for signing - they accept certificate details as input parameters

  • Xusheng Profile Picture
    Xusheng on at
    RE: Getting certificate with private key from Azure Key Vault

    Does this issue only happened after upgrade to 10.0.8? Is there any ENV working fine after upgrade to 10.0.8?

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Check out the New Agent Creator Community
Announcing new navigation menus and the Engage with the Community forum!

Quick Links

Jainam Kothari – Community Spotlight

We are honored to recognize Jainam Kothari as our June 2025 Community…

Congratulations to the May Top 10 Community Leaders!

These are the community rock stars!

Announcing the Engage with the Community forum!

This forum is your space to connect, share, and grow!

Leaderboard >

Last month Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans