Securing the NAV Web Client Connection with SSL

With a Virtual machine on Azure as a NAV Server and with an endpoint created in Azure management portal, we will be able to access NAV Web Client from anywhere through the internet! More details here

In this blog, I will be writing about securing this web client connection. [HTTP to HTTPS]

http to https

 

Microsoft recommends that you secure Microsoft Dynamics NAV data that is transmitted over the Internet by enabling Secure Sockets Layer (SSL) on the connection to Microsoft Dynamics NAV Web client.

SSL is a web protocol that encrypts data that is transmitted over a network to make the data and the network more secure and reliable. A website that is enabled with SSL uses Hypertext Transfer Protocol Secure (HTTPS) instead of Hypertext Transfer Protocol (HTTP) as a communication protocol. To enable SSL on a website, we need to install an SSL certificate on the web server.

Step 1: Obtaining SSL Certificate

[Note: In a production environment, you should obtain an SSL certificate from a certification authority. Some large organizations may have their own certification authorities, and other organizations can request a certificate from a third-party organization. ]

In Test environment or development environment, you can create your own self-signed certificate:

> Login to Azure Virtual Machine and open Internet Information Services (IIS) Manager. Select your Server under Connections –> Click on Server Certificates –> Open Feature

Untitled1

 

 

> We need to create a new certificate here for the NAV web client.

[Note: By default there will be one certificate for the Azure VM and you can ignore it here. For web-client certificate, Use Method A OR Method B to create a new certificate. Method B is my personal choice!]

Method A: Click on Create Self-Signed Certificate under actions, Specify a Friendly Name and Click on OK.

Untitled2

 

Untitled3

 

A new certificate will be created as shown below:

Untitled4

The problem with this method is, when we open the Web client after completing the steps, a certificate warning will be shown on the internet browser!!

This is because, the certificate is Issued to and Issued by the computer name instead of the whole DNS name.

 

Method B: This method uses PowerShell to create a new certificate. Open Windows PowerShell as Administrator and type the following command and enter.

New-SelfSignedCertificate -DnsName VMname.cloudapp.net -CertStoreLocation cert:\LocalMachine\My

Replace VMname with your Virtual machine name.

Untitled4.5

With this method, you will be able to see a certificate created under Server Certificates as shown below:

Untitled4.7

With this method, we will be able to remove the certificate warning message when we open the web client in the internet browser.

You can also use the MakeCert tool to create a certificate.

Step 2: Adding an HTTPS Binding That Uses the Certificate on the Microsoft Dynamics NAV Web Client Site

> Open IIS Manager, under Connections, expand server name, expand sites and choose the Microsoft Dynamics NAV Web client site to which you want to add the binding (By default, the site has the name Microsoft Dynamics NAV 2013 R2 Web Client)

> In the Actions pane, choose Bindings.

Untitled5

 

> In the Site Bindings Dialog box, select the existing item for Port 8080 and click on Edit

Untitled6

> Change the type from http to https, select the newly created certificate under SSL Certificate and click on Ok.

Untitled7

Note: You can choose to add a new item under Site Bindings with Port 443 for WebClient with https Type. when you use port 443, you can omit the port number in the NAV web client URL. With any other port number (ex: 8080), we need to specify the port number in the NAV web client URL.

Step 3: Testing Microsoft Dynamics NAV Web Client with Https

>From an outside computer with Internet access, try opening NAV web client with https (https://VMName.cloudapp.net:8080/DynamicsNAV71/Webclient)

> For the first time, you might receive a certificate warning as shown in the below image. To remove this warning message, we need to install the certificate on the client machine.

Untitled8

> Run internet explorer as administrator and paste the web client URL again. When the certification warning occurs, click on Certificate error and click on View Certificates

Untitled9

> Click on Install Certificate

Untitled10

>Select Local Machine and click on Next

Untitled11

> Place the certificate in the Trusted root Certification Authorities store and click on Next and Finish.

Untitled12

> Close all the browsers and try opening NAV Web Client with the https URL in a new internet browser window. This time web client opens with no certificate warnings but safe and secure with https.

Enjoy the secure web client connection to NAV on Azure:)