How to: Create a Self-signed Security Certificate Using PowerShell Script
With the New-NavSelfSignedCertificate
PowerShell cmdlet, you can create a self-signed certificate to help secure the communication between the Microsoft Dynamics NAV Server and the Microsoft Dynamics NAV Web client.
Running the New-NavSelfSignedCertificate
takes several parameters. One of these parameters is MakeCertExePath
. This parameter must be filled in with the file path of the Windows SDK MakeCert.exe file. Typically, this file can be found under C:\Program Files (x86)\Windows Kits\8.1\bin\x86\makecert.exe. If you do not have a Windows 7.1 or 8.1 SDK on the Microsoft Dynamics NAV Server computer, you can download this from MSDN.
To create a self-signed security certificate using the PowerShell script
On the computer or virtual machine that is running Microsoft Dynamics NAV Server, run Microsoft Dynamics NAV Administration Shell as an Administrator.
Choose Start, in the Search box, type Microsoft Dynamics NAV Administration Shell.
Right-click the related link, and then choose Run as Administrator.
At the command prompt, import the PowerShell module by typing the following command:
Import-Module <dvddir>\\WindowsPowerShellScripts\NAVCertificateAdministration\NAVCertificateAdministration.psm1
or a path equivalent to where your PowerShell module is located.Next, at the command prompt, type the following command:
New-NavSelfSignedCertificate <parameters>
The following table describes the parameters you can specify:
Parameter name Type Description -TestCertificateName
Type:String
The name that identifies your test certificate. The default value is
TestCertificate
. This parameter is optional.-TestCertificateServerAddress
Type:String
The authority/entity that this certificate is issued for. Default is the computer host name. Specify this value if the Microsoft Dynamics NAV Server is accessed by using an address that differs from the computer name. This parameter is optional.
-TestCertificateRootCertificateAuthorityName
Type:String
The root certificate authority name. The name will identify the root certificate issuer. The default value is the
TestCertificate
parameter value prefixedRootCA
. This parameter is optional.-Outputfolder
Type:String
Specifies the output folder for the certificates. Default is the location where the script was executed from. This parameter is optional.
-MakeCertExePath
Type:String
The path of the Windows SDK MakeCert.exe tool. Default is the specified
Outputfolder
. This parameter is optional.-NavServiceIdentity
Type:String
Username for the identity running the Microsoft Dynamics NAV Server. Default is
NTAUTHORITY\Network Service
. This parameter is optional.-Import
Type:String
Imports the certificates after creation. If not specified, the user will be prompted for a reply. This parameter is optional.
-SkipImport
Type:Boolean
false will import certificates and true will skip the import of certificates.
The New-NavSelfSignedCertificate
PowerShell cmdlet has now generated a self-signed security certificate with an accompanying root certificate and root revocation list, which is put under the specified output folder. Once the cmdlet is run, you have the option to import the security certificate, root certificate, and root revocation list to the local computer.
See Also
Tasks
Walkthrough: Implementing Security Certificates in a Test Environment