How to Create and use Self-signed SSL Certificate for Dynamics NAV

Introduction

• This article explains how to create an SSL certificate for a Test environment.
  
• For a Live environment, you must purchase SSL certificate from a certification authority, for example Comodo, Symantec, Digicert, etc.
  
• Keep a copy of Certificate Thumbprint and a copy of the Certificate generated.
  

Pre-Requisites

Download Self-signed certificate generator (PowerShell).

Create SSL Certificate

1. Open Windows Powershell ISE – Run as administrator
   
2. Know you Execution Policy:
   
   1. The following command gets the current execution policy: Get-ExecutionPolicy
      
   2. If it is Restricted, change the Execution Policy, for example in this case: Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
      

1. Go to the location where you saved the New-SelfSignedCertificateEx.ps1 file.
   
2. Run the following command:
   Import-Module .\New-SelfSignedCertificateEx.ps1
   

1. Run the following command, where you can find the <Full Computer Name> from system properties:
   New-SelfSignedCertificateEx –Subject “CN=<Full Computer Name>” –IsCA $true –Exportable –StoreLocation LocalMachine
   
   

1. Copy and Save the Thumbprint for later use.
   

Manage Certificate

1. Open Microsoft Management Console (mmc.exe)
   

1. Click File, Add/Remove Snap-in
   
2. Select Certificates
   
3. Click Add
   
4. Select the Computer Account
   
5. Click Finish and OK
   

Locate the Certificate

Now you can locate the Certificate under: Console Root, Certificates (Local Computer), Personal, Certificates.

• The name will be same as your service tier Machine.The Expiration Date Will be 1Y-2D (01 Year – 02 Days) for that certificate and it will be valid from 01 Day Before you create Certificate.
  

Assign Permissions to Certificate

1. Right Click on the certificate.
   
2. Click All Tasks, Manage Private Keys
   
3. Add Permission for the Account which is used to Run Dynamics NAV Services.
   

Copy and Paste Certificate

1. Copy the Certificate from Personal, Certificates node.
   
2. Paste the certificate into the Trusted Root Certification Authorities, Certificates node.
   

Download and Save the Certificate

1. Right-click and Export the certificate
   

1. Select the No, do not export the private key option
   

1. Choose Next
   
2. Select DER encoded binary x.509 (.cer)
   

1. Specify a File Name and Finish the wizard. For example, here we have saved it as “NAV_Certificate.cer”.
   

1. Copy and Save the certificate for later use.