Skip to main content

Notifications

Microsoft Dynamics AX (Archived)

Dutch taxreport must be send with new certificates and TLS 1.2

Posted on by Microsoft Employee

Hi,

Normally we send our taxreport through a dll named microsoft.dynamics.digipoorservices.dll 

According to this article  https://www.logius.nl/ondersteuning/onderhoud/vervanging-certificaten/ they will upgrade to TLS 1.2

In Ax I tested this by changing the endpoint in the EVAT_NL macro to 'preprod-dgp2.procesinfrastructuur.nl/.../1.2'

(ofcourse compiled and forward compiled the necessary classes)

As a next step i downloaded the new certificate and installed it configured this certficate in Ax.

When I try to send the tax report the error message is:

Methode Deliver in COM-object van klasse Microsoft.Dynamics.DigipoortServicesMethods geeft als resultaat foutcode 0x80131501 (<onbekend>), hetgeen het volgende betekent: An error occurred while making the HTTP request to preprod-dgp2.procesinfrastructuur.nl/.../1.2. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.

When I use the old URL (https://preprod-dgp.procesinfrastructuur.nl/wus/2.0/aanleverservice/1.2) the software works. With the new url it won't.

Does anybody know what to do? Do I need a new version of the dll or do I need to do something on the server to enable TLS 1.2? 

Thanks in advance

Julian Kooiker

*This post is locked for comments

  • Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: Dutch taxreport must be send with new certificates and TLS 1.2

    M. Veigt,

    We have an AX client installed on the AOS server, capable of sending the files through Digipoort.
    Currently I'm experimenting with allowing an AX batch-process to handle the full sequence.


    Up to now I've setup the server quite alike installation on a PC-client:
    1) Install the required certificates on the server.  (both directions)

       >  Staat der Nederlander Root CA                  Trusted Root Certification Authorities
       >  Staat der Nederlander Organisatie CA        Intermediate Certification Authorities
       >  KPN PKIOverheid Organisatie CA               Intermediate Certification Authorities
       >  dgp2.procesinfrastructuur.nl                      Trusted People

    and

       >  Government of Netherlands                                Trusted Root Certification Authorities
       >  Staat der Nederlander Organisatie Services CA   Intermediate Certification Authorities
       >  KPN BV PKIOverheid Organisatie Server CA        Intermediate Certification Authorities
       >  www.<Your domain>.nl                                       Personal

    2) Having the Digipoort.dll installed / registered on the server too
    3) TLS 1.2 enabled for AX by having the proper .NET 4.5 framework installed and having the file 'ax32.exe.config' changed as stated before in earlier posting.

    Opening the AX client on the server and sending the files(s) with no problem.

    Additionally, I have to alter the EVAT_NL macro every year, in order to keep up with the most current Taxonomie version. 
    (in 2018:  nt12 => Nederlandse Taxonomie  versie 12)       On  www.nltaxonomie.nl/nt12/ you'll find the full tree of XSD / XML documents needed for referencing.

    Bert

  • Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: Dutch taxreport must be send with new certificates and TLS 1.2

    How did you achieved this?

  • Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: Dutch taxreport must be send with new certificates and TLS 1.2

    AndiG 

    We do have the digipoort solution running with TLS1.2 and certificates on our AOS server.

    So it is possible to have this in place.

    Bert

  • Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: Dutch taxreport must be send with new certificates and TLS 1.2

    Hello,

    We have the same issue on the Server TLS 1.2 will not work on the ServerSide.

    Was you able to fix it?

    Best Regards

    Andreas Graf

  • Suggested answer
    Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: Dutch taxreport must be send with new certificates and TLS 1.2

    This worked like charm! Thanks a million!

  • Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: Dutch taxreport must be send with new certificates and TLS 1.2

    We have an AX client installed on the server and the customized ax32.exe.config is there too.

    The Authorize.NET implementation is directly built within AX 2009 (MS standard).  We don't use a separate Authorize.NET application. AX 2009 uses .NET 3.5 per default.

  • Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: Dutch taxreport must be send with new certificates and TLS 1.2

    Hi,  Do you have on the server also an AX client installed?   We have.   The file 'ax32.exe.config' has been changed on the server too, with the correct settings to guide AX to use TLS1.2 as well.   Certifications installed properly there too.   In our situation that was sufficient to become operational.

    It seems that the Authorize.NET application is not using framework 4.5 or upwards.   It is a project compiled in an lower framework version?

    Good luck.

    Bert

  • Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: Dutch taxreport must be send with new certificates and TLS 1.2

    Hello,

    the problem is that AX 2009 sends the message with TLS 1.0 (analyzed with MS Message Analyzer).

    I added these entries to the registry, but AX still sends with TLS 1.0.

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]

    "SchUseStrongCrypto" = dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]

    "SchUseStrongCrypto" = dword:00000001

    When I try to force the security protocol in AX to use TLS 1.2 via this X++ line of code:

    System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType::Tls12);

    I get this error message:

    Parsing symbol to CLR enum failed. ([System.Net.SecurityProtocolType] / [Tls12])

    EDIT: It's working when I execute the code client side with the ax_client config a few posts earlier.

    The Authorize.NET integration is executed server side. The enum "System.Net.SecurityProtocolType::Tls12" is not existing server side.

    .NET 4.7 is installed on the server.

  • Community Member Profile Picture
    Community Member Microsoft Employee on at
    RE: Dutch taxreport must be send with new certificates and TLS 1.2

    Hi,

    I don't have knowledge of an Authorize.net implementation.  However, if it's just as straight forward as Digipoort is, there should be not much difference between client setup and server setup.   But note:  Installation of the certificates to the correct paths within the certificate manager 'root' are sometimes critical.    Installing in 'Local Computer' vs 'Current User' makes a difference.

  • Quick Ly Profile Picture
    Quick Ly on at
    RE: Dutch taxreport must be send with new certificates and TLS 1.2

    Hi,

    You solve this also on the server.

    See

    forum.mibuso.com/.../server-certificate-is-not-configured-properly-with-http-sys-in-the-https-case

    Please make copy of windows register before you changed it.

    Quick1034

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

Community AMA December 12th

Join us as we continue to demystify the Dynamics 365 Contact Center

New! Quick response templatesâš¡

Save time with the new custom templates!

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,232 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,064 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans