Dutch taxreport must be send with new certificates and TLS 1.2

(0) Share

Report

Posted on by Community Member Microsoft Employee

Hi,

Normally we send our taxreport through a dll named microsoft.dynamics.digipoorservices.dll

According to this article https://www.logius.nl/ondersteuning/onderhoud/vervanging-certificaten/ they will upgrade to TLS 1.2

In Ax I tested this by changing the endpoint in the EVAT_NL macro to 'preprod-dgp2.procesinfrastructuur.nl/.../1.2'

(ofcourse compiled and forward compiled the necessary classes)

As a next step i downloaded the new certificate and installed it configured this certficate in Ax.

When I try to send the tax report the error message is:

Methode Deliver in COM-object van klasse Microsoft.Dynamics.DigipoortServicesMethods geeft als resultaat foutcode 0x80131501 (<onbekend>), hetgeen het volgende betekent: An error occurred while making the HTTP request to preprod-dgp2.procesinfrastructuur.nl/.../1.2. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.

When I use the old URL (https://preprod-dgp.procesinfrastructuur.nl/wus/2.0/aanleverservice/1.2) the software works. With the new url it won't.

Does anybody know what to do? Do I need a new version of the dll or do I need to do something on the server to enable TLS 1.2?

Thanks in advance

Julian Kooiker

*This post is locked for comments

All responses (27)

Answers (1)

Community Member Microsoft Employee on at

Like (0)

Report

RE: Dutch taxreport must be send with new certificates and TLS 1.2

M. Veigt,

We have an AX client installed on the AOS server, capable of sending the files through Digipoort.
Currently I'm experimenting with allowing an AX batch-process to handle the full sequence.

Up to now I've setup the server quite alike installation on a PC-client:
1) Install the required certificates on the server. (both directions)

   > Staat der Nederlander Root CA                  Trusted Root Certification Authorities
   > Staat der Nederlander Organisatie CA       Intermediate Certification Authorities
   > KPN PKIOverheid Organisatie CA               Intermediate Certification Authorities
   > dgp2.procesinfrastructuur.nl                      Trusted People

and

   > Government of Netherlands                                Trusted Root Certification Authorities
   > Staat der Nederlander Organisatie Services CA   Intermediate Certification Authorities
   > KPN BV PKIOverheid Organisatie Server CA       Intermediate Certification Authorities
   > www.<Your domain>.nl               Personal

2) Having the Digipoort.dll installed / registered on the server too
3) TLS 1.2 enabled for AX by having the proper .NET 4.5 framework installed and having the file 'ax32.exe.config' changed as stated before in earlier posting.

Opening the AX client on the server and sending the files(s) with no problem.

Additionally, I have to alter the EVAT_NL macro every year, in order to keep up with the most current Taxonomie version.
(in 2018: nt12 => Nederlandse Taxonomie versie 12)     On www.nltaxonomie.nl/nt12/ you'll find the full tree of XSD / XML documents needed for referencing.

Bert
Community Member Microsoft Employee on at

Like (0)

Report

RE: Dutch taxreport must be send with new certificates and TLS 1.2

How did you achieved this?
Community Member Microsoft Employee on at

Like (0)

Report

RE: Dutch taxreport must be send with new certificates and TLS 1.2

@ AndiG

We do have the digipoort solution running with TLS1.2 and certificates on our AOS server.

So it is possible to have this in place.

Bert
Community Member Microsoft Employee on at

Like (0)

Report

RE: Dutch taxreport must be send with new certificates and TLS 1.2

Hello,

We have the same issue on the Server TLS 1.2 will not work on the ServerSide.

Was you able to fix it?

Best Regards

Andreas Graf
Suggested answer

Community Member Microsoft Employee on at

Like (0)

Report

RE: Dutch taxreport must be send with new certificates and TLS 1.2

This worked like charm! Thanks a million!
Community Member Microsoft Employee on at

Like (0)

Report

RE: Dutch taxreport must be send with new certificates and TLS 1.2

We have an AX client installed on the server and the customized ax32.exe.config is there too.

The Authorize.NET implementation is directly built within AX 2009 (MS standard). We don't use a separate Authorize.NET application. AX 2009 uses .NET 3.5 per default.
Community Member Microsoft Employee on at

Like (0)

Report

RE: Dutch taxreport must be send with new certificates and TLS 1.2

Hi, Do you have on the server also an AX client installed? We have. The file 'ax32.exe.config' has been changed on the server too, with the correct settings to guide AX to use TLS1.2 as well. Certifications installed properly there too. In our situation that was sufficient to become operational.

It seems that the Authorize.NET application is not using framework 4.5 or upwards. It is a project compiled in an lower framework version?

Good luck.

Bert
Community Member Microsoft Employee on at

Like (0)

Report

RE: Dutch taxreport must be send with new certificates and TLS 1.2

Hello,

the problem is that AX 2009 sends the message with TLS 1.0 (analyzed with MS Message Analyzer).

I added these entries to the registry, but AX still sends with TLS 1.0.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]

"SchUseStrongCrypto" = dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]

"SchUseStrongCrypto" = dword:00000001

When I try to force the security protocol in AX to use TLS 1.2 via this X++ line of code:

System.Net.ServicePointManager::set_SecurityProtocol(System.Net.SecurityProtocolType::Tls12);

I get this error message:

Parsing symbol to CLR enum failed. ([System.Net.SecurityProtocolType] / [Tls12])

EDIT: It's working when I execute the code client side with the ax_client config a few posts earlier.

The Authorize.NET integration is executed server side. The enum "System.Net.SecurityProtocolType::Tls12" is not existing server side.

.NET 4.7 is installed on the server.
Community Member Microsoft Employee on at

Like (0)

Report

RE: Dutch taxreport must be send with new certificates and TLS 1.2

Hi,

I don't have knowledge of an Authorize.net implementation. However, if it's just as straight forward as Digipoort is, there should be not much difference between client setup and server setup. But note: Installation of the certificates to the correct paths within the certificate manager 'root' are sometimes critical. Installing in 'Local Computer' vs 'Current User' makes a difference.
Quick Ly on at

Like (0)

Report

RE: Dutch taxreport must be send with new certificates and TLS 1.2

Hi,

You solve this also on the server.

See

forum.mibuso.com/.../server-certificate-is-not-configured-properly-with-http-sys-in-the-https-case

Please make copy of windows register before you changed it.

Quick1034