This week I have been working with Certificates a LOT, and let me tell you, it’s a world on its own, I always had a lot of respect for the people that work on that field, now my respect is even greater!
As we are approaching our go-live date in my current project one of the things that we had left was to request an SSL Certificate for the Dynamics 365 Portal that we created.
If you don’t know what an SSL Certificate is or why do you need it, have a look at this website, I found it very useful:
What are SSL Certificates and who needs them
Your Dynamics Portal already has a certificate which makes it https:// however the one that is using is the wildcard one for all Azure Websites. If like myself, you have a different domain that you want to use, you will need to get a certificate for that domain and import it in the portal.
Now that we understand what the SSL certificates are, how do we get one for our Dynamics Portal?
Disclaimer: The following steps are the process of how I generated the certificate signing request (CSR) for my specific scenario, your might have a different set of requirements so please double check with your Third Party Authority before submitting the request.
Step 1. Generate a CSR (Certificate Signing Request)
One of the main things that any third party authority is going to ask for is for you to generate a CSR in the Web Server with the Organisation details plus the domain. The details that you are going to need are, bear in mind this is just an example:
CN (Certificate Name): www.mywebsite.com
C (Country): GB
L (Locality) : London
O (Organization): My Company
OU (Organizational Unit): IT Department
S (State): London
Things to bear in mind:
- Certificate Name needs to be also included in the Subject Alternate Names
- Certificate Name needs to be exactly what the users are going to type in their browser, if you want them to use www then add it to the name.
Once we have those details let’s jump onto a step by step guide:
- Open Management Console by doing Start + R and type MMC
- If it’s empty under Console Root, go to File -> Add or Remove Snap-Ins and add the certificates
- Under Certificates go to Personal -> Certificates-> Right click on the white space and choose “Create Custom Request”:
- Choose Proceed without enrollment policy
- Leave the next screen as it is:
- Expand Details and Click on Properties
- In the General tab, type a friendly name and a Description
- Go to the Subject and this is where we are going to input the details that we gathered above
- Once we have added all the Organizational details select the option DNS in the Alternative Name Type drop-down:
- Remember to add the Common Name and any other variation that you might want:
- Let’s move onto the next tab called Extensions, once there please expand the Key usage and select the following:
- Expand the Extended Key usage and choose:
- Almost there, let’s go to the Private key tab and expand the Key Options in order to make sure that we choose 2048 as the key size
- Leave the Hash Algorithm as default
- Click OK and then Next
- Next choose where to save the file that is going to generate, when saving it make sure that you save it as a .csr
- And that’s it, now if we navigate to the location and we open the CSR file with Notepad we can see what we need to send to the Third-Party Authority:
- Before you send it, I would recommend opening it up with the Command Prompt to validate that the details are correct, the command that you need to use is:
- That should bring up all the details of the Certificate Request
With that CSR, we are now ready to submit it to the Third Party Authority, they might take a couple of days to come back to you.
So what do we do next? Let’s have a look in the next post at how do we export the Private Key and convert the Certificate to a .PFX file so we can import it onto our Dynamics Portal.
Thanks for this post..is very useful! I need to solve a doubt: My Customer has a portal and his url is https://xxxxx.powerappsportals.com. I need to include the portal in a existing domain like https://xxxx.urlofmycustomer.es because they have another pages in that domain. Should I follow these steps? could you help me? Thank you!
Ese es el requisito exacto que yo tenia, sigues los pasos que indico en la parte 1 y 2. Acuérdate de registrar el dominio correcto en la configuración del portal.
Cualquier duda aqui estamos.
Muchísimas gracias Mario!