Advanced Installation TopicsSelf-Signed SSL for NAS

Self-Signed SSL for NAS

Sana Commerce 8.3
Your provider

Configure ACL and NAS Port (WS 2003)

The commands in this chapter are applicable if you are running on Windows Server 2003.

To configure Access Control List and Microsoft Dynamics NAS service port:

Step 1: Delete any entries that use the same port as NAS. To do this, execute the following command:

httpcfg delete urlacl -u http://+:6050/navision/

Step 2: Check the URL reservation. Execute the following command:

httpcfg query urlacl

Step 3: Register the port for the NAS with https. Execute the following command:

httpcfg set urlacl /u https://+:6050/navision/ /a "O:AUG:AUD:(A;;GA;;;AU)"
Specify the user name of the service account for NAS. If the service account for NAS is Network Service, then use "NT AUTHORITY\NETWORK SERVICE".

Step 4: To verify that your port has been registered, execute the following command:

httpcfg query urlacl

Step 5: Determine certhash and appid of the certificate. Execute the following command:

certutil -store "My" "0.0.0.0"
Substitute the subject's certificate name ("0.0.0.0") with the external server IP address.

After executing the command you will see the certificate details. Copy the Cert Hash into any text editor without any spaces.

Step 6: Bind an SSL certificate to the NAS port. Execute the following command:

Httpcfg.exe set ssl -i 0.0.0.0:7047 -h 14d8442f6703709002d825de36c47769cc6cb6b4 -g "{12c1ee1b-a83f-40bc-badb-798f4be9802d}"

Substitute the following options with the proper values:

Option Description
ipaddress The IP address that can use NAS. You can use 0.0.0.0 to include all IP addresses.
port The port that is used by NAS.
certhash The certificate thumbprint that you pasted to the text editor previously.
appid A 32-digit hexadecimal number that identifies the Microsoft Dynamics NAV application. The id must be in the format {NNNNNNNN-NNNN-NNNN-NNNN-NNNNNNNNNNNN}. If you do not know the appid, then use any value, such as {00112233-4455-6677-8899-AABBCCDDEEFF}.

Step 7: To verify the SSL certificate binding, execute the following command:

httpcfg query ssl

Step 8: Restart NAS service.

Advanced Installation TopicsSelf-Signed SSL for NAS