Published by Michael Wong on March 31, 2015 - 10:00pm
NOTE: For the purposes of explanation, we will use port 7047; however, you can use any port configured for your Web Service.
Requirements
· Existing Microsoft Dynamics NAV Web Services
· SSL Certificate installed in Personal Certificates
· Administrative rights to server
Configure Web Service to use SSL
1. Run Notepad as Administrator and open the CustomSettings.config file on the computer where the Microsoft Dynamics NAV Server is installed. The default location is:
“C:\Program Files\Microsoft Dynamics NAV\Service\CustomSettings.config”
2. Locate the key:
false ">
and change the value from false to true.
3. Open the Services snap-in by going to Administrative Tools > Services.
4. Restart the Microsoft Dynamics NAV Business Web Services service.
Import the SSL Certificate into the local computer store
If you already have the Certificates snap-in, open it and skip to step 8.
1. Go to the Start menu and click Run.
2. Type mmc and click OK.
3. On the File menu, click Add/Remove Snap-in.
4. Locate the Certificates snap-in and click Add.
5. Select Computer Account and click Finish.
6. Select Local Computer and click Finish.
7. Click OK to close the Add or Remove Snap-ins window.
8. In the left pane of the console, expand Certificates (Local Computer).
9. Right-click Personal and click Import.
10. When the wizard opens, click Next.
11. Browse to your certificate and click Next.
12. If the certificate has a password, enter it and click Next.
13. Select Place all certificates in the following store and click Next.
14. Click Finish, then OK to confirm that the import was successful.
Obtain the Certificate’s Thumbprint
1. In the Certificates snap-in, expand the Personal folder and select Certificates.
2. Locate the certificate you wish to use and double-click it.
3. In the certificate window, click on Details.
4. In the Details pane, scroll down to find the Thumbprint field.
5. Copy the text to a text editor and remove all spaces. Save this for later.
Figure 1. Certificate window with Details pane displayed and the Thumbprint field highlighted.
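The thumbprint can also be cleaned up and checked from PowerShell before it is used with netsh. This is an added example, not part of the original post; the function name Get-NavSslCertificate is hypothetical. It strips everything that is not a hex digit, looks the certificate up in the local computer's Personal store, and reports conditions that would make it unsuitable for an SSL binding.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell session.
function Get-NavSslCertificate {
    param([Parameter(Mandatory = $true)][string]$PastedThumbprint)

    # Keep hex digits only. This removes the spaces and also the invisible
    # left-to-right mark (U+200E) that can precede a value copied from the dialog.
    $thumb = ($PastedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($thumb.Length -ne 40) {
        throw "Expected 40 hex characters (SHA-1 thumbprint), got $($thumb.Length)."
    }

    # Personal store of the local computer, the store used by the import steps.
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$thumb" -ErrorAction Stop

    $problems = @()
    if (-not $cert.HasPrivateKey) { $problems += 'no private key in the store' }
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $problems += "outside validity period ($($cert.NotBefore) - $($cert.NotAfter))"
    }
    # 1.3.6.1.5.5.7.3.1 = Server Authentication. No EKU extension means unrestricted.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    if ($eku -and -not ($eku.EnhancedKeyUsages |
            Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' })) {
        $problems += 'EKU present but lacks Server Authentication'
    }

    New-Object PSObject -Property @{
        Thumbprint = $thumb
        Subject    = $cert.Subject
        NotAfter   = $cert.NotAfter
        Problems   = $problems
    }
}

# Usage: paste the value exactly as copied from the Thumbprint field.
# $c = Get-NavSslCertificate -PastedThumbprint '<pasted thumbprint>'
# if ($c.Problems) { $c.Problems } else { "certhash=$($c.Thumbprint)" }
```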
Configure the server’s Access Control List and the Web Services Port
1. Open a command prompt window with elevated (administrative) rights.
2. If the service is already running and configured, you will need to remove its entries.
3. Run the following command to show all port mappings for the server:
netsh http show urlacl
4. The system should return a list of ports and you should see one registered to DynamicsNAV: http://+:7047/DynamicsNAV/
Figure 2. The + after the http signifies localhost
5. You will need to delete all entries associated with the port for DynamicsNAV. In the example above you see both http://+:7047/ and http://+:7047/DynamicsNAV. Both will need to be removed.
6. Remove them by using the following command:
netsh http delete urlacl url={your url here}
Replace {your url here} with the URL from the previous command, e.g., http://+:7047/
7. You will now need to register the service back with a URL using https. Run the following command to add the base service:
netsh http add urlacl url=https://+:7047/ sddl=D:(A;;GX;;;NS)(A;;GX;;;BA)
If your port is not 7047, you can adjust the URL to your needs. Make sure that https is set in the URL.
8. Run the following command to register the DynamicsNAV web service port:
netsh http add urlacl url=https://+:7047/DynamicsNAV/ user={your service username}
Replace {your service username} with your service user account, e.g. CONTOSO\navservices
Notice that to register the base port, I used “sddl,” and for the Web Service Port, I used “user.” You can use “sddl” for both; however, in order to do so, you will need to get the Active Directory SID of the user. The format will be as follows:
D:(A;;GX;;;{user SID here})
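One way to obtain the SID and build the sddl value described above, as an added example that is not part of the original post. The function name Get-UrlAclSddl is hypothetical and the account name is a placeholder; the function resolves the account, builds the string in the format shown, and parses it back to confirm it contains a single allow entry for that SID.

```powershell
# Added example (not from the original post). The account name is a placeholder.
function Get-UrlAclSddl {
    param([Parameter(Mandatory = $true)][string]$Account)

    # Resolve DOMAIN\user to its SID. Translate throws
    # IdentityNotMappedException if the account cannot be resolved.
    $nt  = New-Object System.Security.Principal.NTAccount($Account)
    $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value

    # Same format as in the post: one allow ACE granting GX to the account.
    $sddl = "D:(A;;GX;;;$sid)"

    # Round-trip check: parse the string and confirm it holds exactly one
    # allow ACE and that the ACE names the SID that was just resolved.
    $sd   = New-Object System.Security.AccessControl.RawSecurityDescriptor($sddl)
    $aces = @($sd.DiscretionaryAcl)
    if ($aces.Count -ne 1 -or
        $aces[0].AceType -ne 'AccessAllowed' -or
        $aces[0].SecurityIdentifier.Value -ne $sid) {
        throw "Unexpected ACL parsed from '$sddl'."
    }

    $sddl
}

# Usage: print the command line to run in the elevated command prompt.
# $port = 7047
# $sddl = Get-UrlAclSddl -Account 'CONTOSO\navservices'
# "netsh http add urlacl url=https://+:$port/DynamicsNAV/ sddl=$sddl"
```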
Configure the port to use the SSL Certificate
1. Verify that the port you wish to use does not already have an SSL certificate assigned to it by typing the following:
netsh http show sslcert
2. If you see any entry where the IP:port is bound to the same port as your Web Service, you will want to remove it by typing the following:
netsh http delete sslcert ipport=0.0.0.0:{your port here}
3. Register your SSL certificate to your Web Service port with the following:
netsh http add sslcert ipport=0.0.0.0:{your port here} certhash={certificate thumbprint here} appid={00000000-0000-6002-0022-0000836BD2D2}
Make sure to replace the placeholder values with your appropriate information. The appID is any valid GUID in your system. The example above is the GUID for the NAV Server.
4. Restart the Microsoft Dynamics NAV Business Web Services service.
5. Test the service by going to the following address in your web browser:
https://localhost:7047/DynamicsNAV/WS/Services
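The browser test can be complemented with a scripted check that the port serves the certificate that was bound. This is an added example, not part of the original post; the function name Get-ServedCertificate and the variable names are hypothetical, and $Expected must be filled in with the thumbprint used for certhash.

```powershell
# Added example (not from the original post). Fill in both values.
$Port     = 7047
$Expected = '<thumbprint used in certhash, no spaces>'

function Get-ServedCertificate {
    param([string]$HostName = 'localhost', [int]$Port)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept whatever is presented so that it can be inspected. The policy
        # errors are recorded for the report; this callback makes no trust decision.
        $script:PolicyErrors = $null
        $cb = [System.Net.Security.RemoteCertificateValidationCallback] {
            param($s, $c, $ch, $e)
            $script:PolicyErrors = $e
            $true
        }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($HostName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
            $ssl.RemoteCertificate)
    } finally {
        $tcp.Close()
    }
}

# What a client receives in the TLS handshake.
$served = Get-ServedCertificate -Port $Port
# What HTTP.sys has bound to the port (searched for the hash only, so the
# check does not depend on the language of the netsh field labels).
$bound = netsh http show sslcert "ipport=0.0.0.0:$Port" | Out-String

New-Object PSObject -Property @{
    ServedThumbprint = $served.Thumbprint
    MatchesExpected  = ($served.Thumbprint -eq $Expected)
    BoundInHttpSys   = ($bound -match [regex]::Escape($Expected))
    # RemoteCertificateNameMismatch means the certificate's names do not
    # include the host name used for the connection (here, localhost).
    PolicyErrors     = $script:PolicyErrors
}
```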

