InstallationSelf-signed SSL certificate for the NAS service

Self-signed SSL certificate for the NAS service

Troubleshooting

Enable logging / check error information

If the WCF service is not running properly over SSL, after following the steps above, than enable logging on the WCF service. This can be done by adding a 'config' file to the NAS directory. The filename format should be 'host process name'.config.
When using a native NAV administration the filename will be 'nas.config'.
When using a SQL Server NAV administration the filename will be 'nassql.config'.

  • Open this new file in any text editor and add the following content to enable logging in the XML file:
    <?xml version="1.0"?>
    <configuration>
     <system.diagnostics>
      <trace autoflush="true" />
      <sources>
       <source name="System.ServiceModel" switchValue="Information, ActivityTracing" propagateActivity="true">
             <listeners>
        <add name="sdt" type="System.Diagnostics.XmlWriterTraceListener" initializeData= "SanaCommerceWcfServiceLog.xml" />
             </listeners>
        </source>
      </sources>
     </system.diagnostics>
     <system.serviceModel>
       <diagnostics>
      <messageLogging
        logEntireMessage="true"
        logMalformedMessages="false"
        logMessagesAtServiceLevel="true"
        logMessagesAtTransportLevel="false"
        maxMessagesToLog="3000"
        maxSizeOfMessageToLog="2000"/>
       </diagnostics>
     </system.serviceModel>
    </configuration>


  • Restart the NAS windows service. The file 'SanaCommerceWcfServiceLog.xml' should appear in the NAS directory;
  • Run the 'SvcTraceViewer.exe' tool and open the xml log file from the NAS directory (this tool is available from the Windows SDK). This tool will present specific error information which can identify the problem and lead you to the solution.
    For more information about the 'SvcTraceViewer.exe' tool, visit this website: http://msdn.microsoft.com/en-us/library/ms732023.aspx.

Do not get tricked by browser behavior

When testing remotely using a browser the error message or warnings can occur. For example Internet Explorer by default shows the error message: 'Internet Explorer cannot display the webpage' when the certificate is not trusted (like with our self-signed certificate). Other browsers like Google Chrome or Mozilla Firefox will present warnings about the certificate.

To prevent this, the Root certificate can be registered on your local machine by copying the CER-file to your local machine and double-click on it. After that the WCF service should be accessible through the browser.

InstallationSelf-signed SSL certificate for the NAS service