Hello team,

This week I have been working with certificates a LOT, and let me tell you, it’s a world of its own. I have always had a lot of respect for the people who work in that field; now my respect is even greater!

As we are approaching our go-live date in my current project, one of the things that we had left was to request an SSL certificate for the Dynamics 365 Portal that we created.

If you don’t know what an SSL certificate is or why you need one, have a look at this website; I found it very useful:

What are SSL Certificates and who needs them

Your Dynamics Portal already has a certificate, which is what makes it https://; however, the one it is using is the wildcard certificate for all Azure Websites. If, like me, you have a different domain that you want to use, you will need to get a certificate for that domain and import it into the portal.

Now that we understand what the SSL certificates are, how do we get one for our Dynamics Portal?

Disclaimer: The following steps are how I generated the certificate signing request (CSR) for my specific scenario. Yours might have a different set of requirements, so please double-check with your Third Party Authority before submitting the request.

Step 1. Generate a CSR (Certificate Signing Request)

One of the main things that any third party authority is going to ask for is a CSR generated on the web server with the organisation details plus the domain. These are the details that you are going to need; bear in mind this is just an example:

CN (Certificate Name): www.mywebsite.com

C (Country): GB

L (Locality) : London

O (Organization): My Company

OU (Organizational Unit): IT Department

S (State): London

SubjectAlternateNames: www.mywebsite.com,mywebsite.com,portal.mywebsite.com

Things to bear in mind:

  • Certificate Name needs to be also included in the Subject Alternate Names
  • Certificate Name needs to be exactly what the users are going to type in their browser; if you want them to use www, then add it to the name.

Once we have those details let’s jump onto a step by step guide:

  1. Open the Management Console by pressing Start + R and typing MMC
  2. If it’s empty under Console Root, go to File -> Add or Remove Snap-Ins and add the certificates
  3. Under Certificates go to Personal -> Certificates -> right-click on the white space and choose “Create Custom Request”
  4. Choose Proceed without enrollment policy
  5. Leave the next screen as it is
  6. Expand Details and click on Properties
  7. In the General tab, type a friendly name and a description
  8. Go to the Subject tab; this is where we are going to input the details that we gathered above
  9. Once we have added all the organizational details, select the option DNS in the Alternative Name Type drop-down
  10. Remember to add the Common Name and any other variation that you might want
  11. Let’s move on to the next tab, called Extensions; once there, please expand the Key usage and select the following:
  12. Expand the Extended Key usage and choose:
  13. Almost there. Let’s go to the Private key tab and expand the Key Options to make sure that we choose 2048 as the key size
  14. Leave the Hash Algorithm as default
  15. Click OK and then Next
  16. Next, choose where to save the file that is going to be generated; when saving it, make sure that you save it as a .csr
  17. And that’s it. Now if we navigate to the location and open the CSR file with Notepad, we can see what we need to send to the Third-Party Authority
  18. Before you send it, I would recommend opening it up with the Command Prompt to validate that the details are correct, the command that you need to use is:
  19. That should bring up all the details of the Certificate Request
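
The pre-submission check from step 18 can also be scripted, together with the rule under "Things to bear in mind" and the key size from step 13. This is an added example, not from the original post: it uses the OpenSSL command line (assumed to be installed, for example under WSL or Git Bash) rather than the Windows Command Prompt, and the function names `check_csr` and `make_sample_csr` are hypothetical.

```shell
# Added example, not from the original post. Function names are hypothetical.
# Assumes the openssl CLI is installed.

# check_csr FILE: returns 0 only if the CSR follows the post's rules.
check_csr() {
  local csr=$1 text cn sans bits rc=0
  text=$(openssl req -in "$csr" -noout -text -nameopt multiline) || return 2
  cn=$(printf '%s\n' "$text" | sed -n 's/^ *commonName *= *//p' | head -n1)
  sans=$(printf '%s\n' "$text" | grep -A1 'Subject Alternative Name' |
    tail -n1 | tr ',' '\n' | sed -n 's/^ *DNS://p')
  bits=$(printf '%s\n' "$text" |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n1)
  # The name in CN must also be listed in the Subject Alternative Names.
  if [ -z "$cn" ] || ! printf '%s\n' "$sans" | grep -qixF -- "$cn"; then
    echo "FAIL: CN '$cn' is not listed in the SAN extension"; rc=1
  fi
  # Step 13 of the post selects a 2048-bit key.
  if [ "${bits:-0}" -lt 2048 ]; then
    echo "FAIL: key is ${bits:-unknown} bits, expected at least 2048"; rc=1
  fi
  if [ "$rc" -eq 0 ]; then echo "OK: CN=$cn, $bits-bit key"; fi
  return "$rc"
}

# make_sample_csr OUT CN: builds a constructed CSR (throwaway key) with the
# post's example subject and SAN list; CN is a parameter to show a mismatch.
make_sample_csr() {
  local out=$1 cn=$2 cfg
  cfg=$(mktemp)
  cat >"$cfg" <<EOF
[req]
distinguished_name = dn
req_extensions = ext
prompt = no
[dn]
C = GB
ST = London
L = London
O = My Company
OU = IT Department
CN = $cn
[ext]
subjectAltName = DNS:www.mywebsite.com,DNS:mywebsite.com,DNS:portal.mywebsite.com
EOF
  openssl req -new -newkey rsa:2048 -nodes -keyout /dev/null \
    -config "$cfg" -out "$out" 2>/dev/null
  rm -f "$cfg"
}
```

Run `check_csr` against the .csr file saved in step 16; `make_sample_csr` exists only to produce constructed input for trying the check.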

 

With that CSR, we are now ready to submit it to the Third Party Authority; they might take a couple of days to come back to you.

So what do we do next? In the next post, let’s have a look at how we export the Private Key and convert the Certificate to a .PFX file so we can import it onto our Dynamics Portal.

Thanks,

Mario