You can use service certificates to help secure RoleTailored client connections over a wide area network (WAN). The certificate is a file that Microsoft Dynamics NAV Server uses to prove its identity and establish a trusted connection with the client that is trying to connect. Microsoft Dynamics NAV 2017 can support the following configurations:
- Chain trust, which specifies that each certificate must belong to a hierarchy of certificates that ends in a root authority at the top of the chain.
- Peer trust, which specifies that both self-issued certificates and certificates in a trusted chain are accepted.
The implementation in this section describes the chain trust configuration, which is the more secure option.
 Note |
|---|
| This implementation does not use Secure Sockets Layer (SSL). Although these implementations do use the public and private key infrastructure of SSL and SSL certificates, they use Windows Communication Foundation (WCF) transport-level security (TLS) over the TCP/IP protocol instead of https. This means that these are not strict SSL implementations. |
Certificates for Test and Production
In a production environment, you should obtain an certificate from a certification authority or trusted provider. Some large organizations may have their own certification authorities, and other organizations can request a certificate from a third-party organization. In a test environment, if you do not have certificate, then you can create your own self-signed certificate. For information about using self-signed certificates in a text environment, see Walkthrough: Implementing Security Certificates in a Test Environment.
About Certificates for Production Environment
In a production environment, you implement chain trust by obtaining X.509 service certificates from a trusted provider. These certificates and their root certification authority (CA) certificates must be installed in the certificates store on the computer that is running Microsoft Dynamics NAV Server. The CA certificate must also be installed in the certificate store on computers that are running the RoleTailored client so that clients can validate the server.
Most enterprises and hosting providers have their own infrastructure for issuing and managing certificates. You can also use these certificate infrastructures. The only requirement is that the service certificates must be set up for key exchange and therefore must contain both private and public keys. Additionally, the service certificates that are installed on Microsoft Dynamics NAV Server instances must have the Service Authentication and Client Authentication certificate purposes enabled.
For more information, see How to: Implement Security Certificates in a Production Environment.