10 Oct’18

D365 Business Central

To make the Business Central WebClient Accessible Externally


In this blog , I will demonstrate the use of SSL certificates to help secure connections over a wide area network (WAN),  connection from the Business Central Web Server to the Business Central Server.  Business Central can support the following configurations:

  • Chain trust, which specifies that each certificate must belong to a hierarchy of certificates that ends in a root authority at the top of the chain.
  • Peer trust, which specifies that both self-issued certificates and certificates in a trusted chain are accepted.

The implementation in this section describes the chain trust configuration, which is the more secure option.


1. Microsoft Dynamics 365 Business Central
2. SSL Certificates


1. Obtaining Certificates: You implement chain trust by obtaining X.509 service certificates from a trusted provider. These certificates and their root certification authority (CA) certificates must be installed in the certificates store on the computer that is running Microsoft Dynamics 365 Business Central Server. The CA certificate must also be installed in the certificate store on computers that are running the Business Central Web Server so that clients can validate the server.
2. Run the Certificates Snap-in for Microsoft Management Console and Install and Configure the Certificates. (NOTE: The Server Authentication and Client Authentication purposes must be enabled.)

3. Grant access to the Business Central Server service account:  After you have installed the root CA and the service certificate on the computer running Business Central Server, you must grant access to the service account that is associated with the server so that the service account can access the service certificate’s private key.

  • In the left pane of MMC, expand the Certificates (Local Computer) node, expand the Personal node, and then select the Certificates subfolder.
  • In the right pane, right-click the certificate, select All Tasks, and then choose Manage Private Keys.
  • In the Permissions dialog box for the certificate, choose Add.
  • In the Select Users, Computers, Service Accounts, or Groups dialog box, enter the name of the dedicated domain user account that is associated with Business Central Server, and then choose the OK button.
  • In the Full Control field, select Allow, and then choose the OK button.
  • In the right pane, select the certificate.
  • In the Certificate dialog box, choose the Details tab, and then select the Thumbprint field.
  • Copy the value of Thumbprint field. For example, copy the hexadecimal characters to text editor, such as Notepad. Delete all spaces from the thumbprint string. If the thumbprint is c0 d0 f2 70 95 b0 3d 43 17 e2 19 84 10 24 32 8c ef 24 87 79 then change it to c0d0f27095b03d4317e219841024328cef248779.

4. Configure the Business Central Server instance: Enter the service certificate thumbprint and the credential type as ‘NavUserPassword’ and restart the server.

5. In the Windows Client Configuration file (ClientUserSetting.config ) and the Web Client Configuration file (NavSettings.json)  make the credentials as ‘NavUserPassword’ and the DNSIdentity as the subject name of the certificate.

The location of Windows Client Configuration  file is Users\<username>\AppData\RoamingLocal\Microsoft\Dynamics 365 Business Central\.

The location of Web Client Configuration file is  C:\inetpub\wwwroot\BC130\navsettings.json.

6. Now go to IIS and set the bindings for https ( hostname will be the domain name of the server) and in SSL certificate select the CA Root certificate.

7. Now add the CA Root certificate in the external computer and enter the link for WebClient in the browser. (https://<Domain Name>/BC130)


Thus, we have accessed the WebClient externally using the SSL.

Written by

Dhruv Mehta

Software Engineer

Leave a Reply

Your email address will not be published. Required fields are marked *

Want to streamline your business processes?

  • This field is for validation purposes and should be left unchanged.

Recent Articles

  • How to enable Document ID in SharePoint Online

    16 May’ 2019

    Introduction: As you know that SharePoint Online can be used as a document management platform and with the help of Docu...

    Read more
  • Count Number of files in SharePoint folder

    15 May’ 2019

    Introduction: This blog explains how to Count No of files in SharePoint folder using MS Flow. Steps to be followed:Sel...

    Read more
  • Professional Services Automation (PSA) for CPA firms

    14 May’ 2019

    With the evolution of Technology, every industry is getting process oriented and so are CPA firms getting more organized...

    Read more
  • What if the Resource Requirement Still appears post the task is deleted from Schedule (WBS) in PSA V3?

    13 May’ 2019

    Problem Definition: I have observed a fact in PSA that when the task in PSA Schedule (WBS) is deleted, the corresponding...

    Read more
  • Discount Settings for D365 Sales Line Items – Line Items or Per Unit?

    10 May’ 2019

    For Line Item entities Opportunity Products, Quotes Products, Order Products or Invoice Products, you can chose what typ...

    Read more
  • We respect your privacy.
  • This field is for validation purposes and should be left unchanged.