How to get Microsoft Dynamics NAV for tablets to connect using a self-signed certificate


Overview

This blog post helps you connect Microsoft Dynamics NAV for tablets using a self-signed certificate. The targets for the blog post are the following apps:

  • Dynamics NAV for iPad
  • Dynamics NAV for Android
  • Dynamics NAV for modern Windows

The Internet Information Services Manager (IIS) needs a trusted certificate that holds the private key for https. iOS and Android need the https certificate to be trusted by a root certificate.

In this blog post, you will create one certificate that is used both by IIS to enable https and for installation on your device. Follow the steps below and replace the string <your site name> with the name of the site. You can either use a real name like www.abc.com, or use your PC name. It must match the first part of the URL that you have specified. Currently the PowerShell script New-SelfSignedCertificateEx supports Windows 8 and Windows Server 2012 and newer.

Steps

For the Microsoft Dynamics NAV Web server, do the following:

  1. Download and save the PowerShell script from https://gallery.technet.microsoft.com/scriptcenter/Self-signed-certificate-5920a7c6#content.
  2. Create the certificate:
    1. Open a PowerShell prompt with the option As administrator.
    2. Go to the directory where you saved the New-SelfSignedCertificateEx.ps1 file.
    3. Run the following command: Import-Module .\New-SelfSignedCertificateEx.ps1.
    4. Then run the following command: New-SelfSignedCertificateEx -Subject "CN=<your site name>" -IsCA $true -Exportable -StoreLocation LocalMachine -StoreName My.
    5. Manage the certificate:
      1. Open the mmc.exe.
      2. Go to the File menu, and then choose Add/Remove Snap-in...
      3. Select Certificates.
      4. Choose Add.
      5. Select the computer account.
      6. Choose Finish and then OK.
      7. Locate and copy the certificate you just created in the personal/certificates folder.
      8. Paste the certificate into the Trusted Root Certification Authorities/Certificates folder.
      9. Select the certificate, right-click and export the certificate.
      10. Select the No, do not export the private key option.
      11. Choose Next.
      12. Select DER encoded binary x.509 (.cer).
      13. Specify a location and filename and finish the wizard.
      14. Enable https: In IIS Manager, create a binding for https using the certificate you added.
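
The mmc.exe and IIS Manager steps above can also be scripted. The following is an added example, not part of the original post or of the New-SelfSignedCertificateEx script; it uses the built-in PKI and WebAdministration cmdlets, exports the public certificate first and then imports that file into the root store, and the values of $CerPath, $IisSite and $Port are placeholders assumed for illustration.

```powershell
# Added example: scripted form of the mmc.exe and IIS Manager steps.
# Run from an elevated prompt on the web server. Placeholder values (assumed):
$SiteName = '<your site name>'        # same value used in -Subject "CN=..."
$CerPath  = 'C:\Temp\nav-tablet.cer'  # existing folder; public certificate goes here
$IisSite  = '<your IIS site name>'    # IIS site hosting the NAV web client
$Port     = 443

# Locate the newest matching certificate in Personal (LocalMachine\My).
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq "CN=$SiteName" } |
    Sort-Object NotBefore -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate CN=$SiteName found in LocalMachine\My" }

# IIS needs the private key. The post creates the certificate with -IsCA $true,
# so warn if the basic constraints extension does not carry that flag.
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key; IIS cannot use it.' }
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
if (-not ($bc -and $bc.CertificateAuthority)) {
    Write-Warning 'Certificate is not marked as a CA; re-create it with -IsCA $true.'
}

# Export the public certificate only, as a DER-encoded .cer (no private key).
Export-Certificate -Cert $cert -FilePath $CerPath -Type CERT | Out-Null

# Trust it on this machine: add the exported file to Trusted Root.
Import-Certificate -FilePath $CerPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# Verify the file that will be copied or mailed to the devices.
$exported = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CerPath
if ($exported.HasPrivateKey -or $exported.Thumbprint -ne $cert.Thumbprint) {
    throw "Exported file $CerPath does not match the expected public certificate."
}

# Create the https binding if needed and attach the certificate from the My store.
# AddSslCertificate fails if another certificate is already bound to this port.
Import-Module WebAdministration
if (-not (Get-WebBinding -Name $IisSite -Protocol https -Port $Port)) {
    New-WebBinding -Name $IisSite -Protocol https -Port $Port
}
(Get-WebBinding -Name $IisSite -Protocol https -Port $Port).AddSslCertificate($cert.Thumbprint, 'My')

"Thumbprint $($cert.Thumbprint) bound to ${IisSite}:$Port; distribute $CerPath to devices."
```

Only the exported .cer file leaves the server; the private key stays in LocalMachine\My, where IIS reads it for the binding.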

Next

For iOS, do the following:

  1. Use the iPhone Configuration Utility tool from Apple http://support.apple.com/downloads/#iphone or mail the certificate you exported.
  2. Run the certificate file and install the certificate.
  3. You are now ready to start the Dynamics NAV app.

For Windows, do the following:

  1. If you run the client on the same box as the web server, then you are all set to go.
  2. Otherwise, copy the certificate you exported to the tablet, install it, and place it in the Trusted Root Certification Authorities folder of the local machine.

For Android, do the following:

  1. Copy or mail the certificate that you exported.
  2. Run the certificate file and install the certificate.
  3. You are now ready to start the Dynamics NAV app.

This should help you get up and running using self-signed certificates. Be aware that Microsoft Dynamics NAV for tablets does not support Always Ask certificates.


Comments (19)

  1. Pallea says:

    AWESOME! Will try it right away (almost)

    /Palle

  2. Rene Gayer says:

    Probably this could help too

    http://youtu.be/7asFjgW5O-A

  3. Claus Rasmussen says:

    Good stuff and nice fast reaction to customer feedback 🙂 Look forward to trying it when I get home from Poland!

  4. vanAnaarB says:

    Still no success. Is there any way to debug this?

  5. Claus Rasmussen says:

    Does not work for me either. I can connect to the tablet page via a browser using https but not with app.

    Is there a rule to use default https port? because I am accessing with

    https://<my computername>:8081/DynamicsNAV80/ in the app.

    https://<my computername>:8081/DynamicsNAV80/WebClient/tablet.aspx works in a browser (tried both IE and Chrome)

  6. Gilian says:

    By following the tips in this post, I was able to do the trick 🙂

    blog.httpwatch.com/…/five-tips-for-using-self-signed-ssl-certificates-with-ios

    For me the problem was the self-signed certificate. By creating them with OpenSSL and then sending the certificate to my iPad, the iPad recognizes it as trusted. Otherwise it doesn't work!

    Mailing a certificate can also be tricky. Better to send a link to your OneDrive / Dropbox etc., because certificates can be a blocked attachment within Outlook.

  7. mikebc_MSFT says:

    Thank you for sharing your experiences and concerns.

    I would like to clarify app connectivity:

    For testing or demoing of the app, self-signed certificates can be used by following the steps in this blog post. If you still encounter issues, make sure you are entering the correct service URL in the app (https://<yourServer>/<yourWebServerInstance>). If your server is not configured with default SSL port 443, make sure you specify your custom port number as <yourServer>:<portNumber> in the URL.

    In production, I recommend customers purchase a wildcard certificate from a publicly trusted certificate issuer. By doing this, the certificate can be deployed to the Dynamics NAV web server(s) and all devices are ready to connect to it securely with no additional effort. If you want low-effort and a great user experience, this is the way to go. Most apps you use today which connect to some service do the same. Think of any web shop you have visited recently: this most likely had an https address, did not display a certificate warning, and did not require you to install any certificate to complete your purchase; your NAV users expect that same experience.

    Best regards,

    Mike Borg Cardona

    Program Manager, Dynamics NAV

    1. Luben says:

      There seems to be a limitation in at least 2015 on using the wildcard in that you have to specify the DnsIdentity on all clients. Do correct me if I am wrong. I have posted the fix here: http://www.gi-architects.co.uk/2016/11/microsoft-dynamics-nav-2015-wildcard-certificate-problem/

      1. Pallea says:

        I am not sure if this is a bug. Btw. I am always adding the DnsIdentity to my config-files, regardless of wildcard or not.

  8. Dave C says:

    I've been having issues connecting using a certificate issued by our domain CA. From my machine I try and connect to https://<My FQDN>/dynamicsnav80 and get "Could not connect to the server". From my colleague's machine I try and connect to the server running on my machine and it works fine. I spent a long time trying to get it working with a self signed certificate, but didn't try connecting from another machine. I will be trying it soon.

    Are there just issues connecting to a server running on the same machine as the client?

  9. Claus Rasmussen says:

    Yea it also worked for me now!

    I followed the Austrian YouTube video on how to make the certificate and then this http://www.mibuso.com/…/viewtopic.php small script did the rest.

    Seems to be a difference if the server and app are running on the same machine and this is fixed by the above script.

    So now I have sql server, service tier and app running on the same surface pro 3. I cannot wait to do my first demo with it next week 🙂

  10. Olivier says:

    This also did the trick for me:

    CheckNetIsolation.exe LoopbackExempt -a -n=microsoft.dynamicsnav_8wekyb3d8bbwe

  11. mikebc_MSFT says:

    A brief update regarding connectivity:

    Based on your feedback, we have greatly simplified the setup and configuration experience for one-box demo/trial deployments.

    If you are installing both the Microsoft Dynamics NAV server components as well as the app onto a single computer, then the app can connect using service name "http://localhost:8080/DynamicsNAV80". In this scenario, you are not forced to deploy certificates for SSL nor do you need to run CheckNetIsolation.exe. It just works.

    This is available with Dynamics NAV 2015 Cumulative Update 2 onwards and Dynamics NAV for modern Windows version 1.1 onwards.

    best regards,

    Mike Borg Cardona

    Program Manager, Dynamics NAV

  12. Henrik Ohm says:

    One box installation + 1 IPad

    Windows client – works

    Web client on computer – works

    NAV app on Win 8.1 – works

    Safari on IPad – works

    NAV app on iPad – does not work "Could not connect to.." error. I've been through all videos, blogs etc. that I can find, but cannot make it work. No error message (reason), no nothing.

    Somebody please explain to me what I'm doing wrong. Have used SSCerts generated using PowerShell from the DVD and this article.

    Thank you in advance!

    Henrik

  13. Henrik Ohm says:

    …and

    IPad Safari with tablet.aspx works for me! Just not the IPad APP from AppStore.

    Henrik

  14. 4BzSoftware says:

    After several days of headache, I finally made the NAV app work on iPad.

  15. unknown says:

    4BzSoftware, what steps have you done to set up your iPad?

  16. Architect11 says:

    Here are the steps:
    Go to your landing page in SAFARI:
    Demo env. Landing page : https://****.cloudapp.azure.com
    There click on the “Download Certificate” and then install the Certificate and trust it.
    Now go to iOS iPad app and type this URL in settings:
    https://****.cloudapp.azure.com/NAV
    and it will work fine.