Skip to main content

Expired certificates renewal in D365FO

 


AX / D365FO – Expired certificates renewal in D365FO

Dynamics 365 for Finance and Operations on a local development environment may all of the sudden start reporting problems with the server due to expired certificates.

This image has an empty alt attribute; its file name is D365Blog_ExpiredCertificateRenewal_02-300x135.png

To be sure, you should open the Event Viewer, expand Windows Logs in the left pane and click on the Application node. Look for Warning logs with source ASP.NET and inspect their content. Therefore, when you’ll see ExpiredCertificateException under Exception information, as seen in the image below, you’re dealing with expired certificates.

This image has an empty alt attribute; its file name is D365Blog_ExpiredCertificateRenewal_03-300x223.png

Following the steps below, you will identify and extend required certificates to get access to Dynamics 365 for Finance and Operations again.

Step 1: Identify Expired Certificates

Start Windows PowerShell as administrator and enter the following two commands:

cd cert:\LocalMachine\My
ls | Select-Object NotAfter,Thumbprint,Subject | Where-Object -Property Subject -like "CN=DeploymentsOnebox.*" | Sort-Object -Property Subject,NotAfter

You will get the list of certificates, required by D365FO:

This image has an empty alt attribute; its file name is D365Blog_ExpiredCertificateRenewal_04-300x64.png

The NotAfter column shows when each of them expires. The Subject column contains descriptive information about certificates. The Thumbprint column contains the key by which the certificate is recognized by the operating system.

In the image above you can see, that all four certificates have already expired.

Step 2: Clone Expired Certificates and Extend Their Validitys

For each of the four certificates repeat the following commands:

$Thumbprint = (get-childitem -Path 01F93A5974A14DC3B40F1CF0BE78127974187BE5 )
New-SelfSignedCertificate -CloneCert $Thumbprint -NotAfter (Get-Date).AddMonths(120)

Replace01F93A5974A14DC3B40F1CF0BE78127974187BE5with the thumbprint of the certificate you want to clone.

You’ll get a new self-signed certificate valid for 10 years, cloned from the existing one, with its new thumbprint:

This image has an empty alt attribute; its file name is D365Blog_ExpiredCertificateRenewal_05-300x95.png

Step 3: Update D365FO’s Config Files

To see the new list of certificates run the following command in PowerShell:

ls | Select-Object NotAfter,Thumbprint,Subject | Where-Object -Property Subject -like "CN=DeploymentsOnebox.*" | Sort-Object -Property Subject,NotAfter

This image has an empty alt attribute; its file name is D365Blog_ExpiredCertificateRenewal_06-300x54.png

Now you see two certificates for each of the certificate types – one with the old validity and thumbprint and one with the new validity (current date + 120 months) and thumbprint.

Now start VisualStudio as administrator and open the following three files in the C:\AOSService\webroot folder:

  1. web.config
  2. wif.config
  3. wif.services.config

Press Ctrl+Shift+H key combination to open Find and Replace dialog. Make sure that you select All Open Documents in the Look in drop-down selection box, so that find and replace action will be applied on all three open files.

Now you will have to repeat the following actions for each pair of certificate types:

  1. In the Find what box enter the thumbnail of the old (expired) certificate.
  2. In the Replace with box enter the thumbnail of the cloned new certificate.
  3. Replace all the occurrences in open files.
This image has an empty alt attribute; its file name is D365Blog_ExpiredCertificateRenewal_07-300x179.png

After you have done this for all four certificates, save the three config files and close VisualStudio.

Restart your browser and navigate to D365FO. It should start without any problems.

Labels:

Comments

Post a Comment

Popular posts from this blog

D365 finops send attachment as public URL X++

D365 finops send attachment as public URL X++ A customer needs to download attachments from a mobile application that is connected to Dynamics 365 Finance and Operations (FinOps). I have created the following function in the Service to generate a public URL for the attachments. public str getPublicUrl(RecId _recid) {     DocuRef _ref;     select _ref where _ref.RecId == _recid && _ref.RefTableId == tableNum(PurchTable);     if (_ref.RecId)     {         return File::SendFileToTempStore(             DocumentManagement::getAttachmentStream(_ref),             ERDocuRef_Extension::filename(_ref),             classstr(FileUploadTemporaryStorageStrategy),             true         );     }     else     {         throw error("Attachment not found for the provided RecId.");     } }
1 comment
Read more

Error division by Zero

  AX / D365FO – How to prevent the error ‘Division by zero’ If you’re gonna write code like A = B /C, you better make sure that C holds a value. Of course you can do a check with a simple if-statement (if C then A = B/C), but there is an easier way. You can use  minOne , a method that exists in the Global class. int a,b,c; if(b) c = a / b; else print " Cannot divide by zero" OR c = a / c = a / minOne(b) ; //it returns a itself if b is zero because minOne() returns non zero values that we passes. I //it returns a itself if b is zero because minOne() returns non zero values that we passes. I f it is zero then it retuns 1
Post a Comment
Read more