Step 1: Create a new self-signed certificate
Run the following Power Shell command (Run as Administrator):
New-SelfSignedCertificate -Subject "CN=*.cloud.onebox.dynamics.com,O=Microsoft Corporation,L=Redmond,S=WA,C=US" -DnsName "*.cloud.onebox.dynamics.com", "usnconeboxax1ecom.cloud.onebox.dynamics.com", "usnconeboxax1pos.cloud.onebox.dynamics.com", "usnconeboxax1ret.cloud.onebox.dynamics.com" -CertStoreLocation "cert:\LocalMachine\My" -KeyUsage DataEncipherment, KeyEncipherment, DigitalSignature -HashAlgorithm "SHA384" -KeyAlgorithm RSA -KeyLength 2048 -NotAfter (Get-Date).AddYears(5)
This would create a new certificate, set to expire in 5 years.
Step 2: Copy the new certificate to the folder where trusted certificates are stored
Open Manage computer certificates (certlm).
Newly generated certificate can be found in the Personal\Certificates folder.
It has the same name as the old one, but different expiration date.
Now copy and paste the new certificate to the Trusted Root Certification Authorities\Certificates folder.
Step 3: Bind the new certificate with D365FO
Open Internet Information Services (IIS) Manager.
Now navigate to the AOSService site (1), click the Bindings link on the right
(2) and select the hostname
(3) and then click the Edit button
(4)The Edit Site Binding dialog opens. Open the SSL certificate drop-down selection box
(5)You will see two certificates with the same name (*.cloud.onebox.dynamics.com). The one selected is probably the old one. Select the other one. Then click the View button to inspect, if you selected the right certificate (by checking the expiry date, for example).
Click Yes if the system asks for confirmation to change the certificate for other related sites.
Close all open dialogs. Restart the AOSService (Click the Restart link under Manage Websites in the vertical pane on the right).
Step 4: Test if the connection to D365FO is treated as safe in Chrome
Restart Chrome and navigate to D365FO. It should work fine.
No comments:
Post a Comment