10 Oct’18

D365 Business Central

To make the Business Central WebClient Accessible Externally


In this blog, I will demonstrate how to use SSL certificates to help secure the connection from the Business Central Web Server to the Business Central Server over a wide area network (WAN). Business Central can support the following configurations:

  • Chain trust, which specifies that each certificate must belong to a hierarchy of certificates that ends in a root authority at the top of the chain.
  • Peer trust, which specifies that both self-issued certificates and certificates in a trusted chain are accepted.

The implementation in this section describes the chain trust configuration, which is the more secure option.


1. Microsoft Dynamics 365 Business Central
2. SSL Certificates


1. Obtaining Certificates: You implement chain trust by obtaining X.509 service certificates from a trusted provider. These certificates and their root certification authority (CA) certificates must be installed in the certificate store on the computer that is running Microsoft Dynamics 365 Business Central Server. The CA certificate must also be installed in the certificate store on computers that are running the Business Central Web Server so that clients can validate the server.
2. Run the Certificates Snap-in for Microsoft Management Console and Install and Configure the Certificates. (NOTE: The Server Authentication and Client Authentication purposes must be enabled.)

3. Grant access to the Business Central Server service account: After you have installed the root CA and the service certificate on the computer running Business Central Server, you must grant access to the service account that is associated with the server so that the service account can access the service certificate’s private key.

  • In the left pane of MMC, expand the Certificates (Local Computer) node, expand the Personal node, and then select the Certificates subfolder.
  • In the right pane, right-click the certificate, select All Tasks, and then choose Manage Private Keys.
  • In the Permissions dialog box for the certificate, choose Add.
  • In the Select Users, Computers, Service Accounts, or Groups dialog box, enter the name of the dedicated domain user account that is associated with Business Central Server, and then choose the OK button.
  • In the Full Control field, select Allow, and then choose the OK button.
  • In the right pane, select the certificate.
  • In the Certificate dialog box, choose the Details tab, and then select the Thumbprint field.
  • Copy the value of the Thumbprint field. For example, copy the hexadecimal characters to a text editor, such as Notepad. Delete all spaces from the thumbprint string. If the thumbprint is c0 d0 f2 70 95 b0 3d 43 17 e2 19 84 10 24 32 8c ef 24 87 79, then change it to c0d0f27095b03d4317e219841024328cef248779.

4. Configure the Business Central Server instance: Enter the service certificate thumbprint and the credential type as ‘NavUserPassword’ and restart the server.

5. In the Windows Client configuration file (ClientUserSettings.config) and the Web Client configuration file (NavSettings.json), set the credential type to ‘NavUserPassword’ and the DNSIdentity to the subject name of the certificate.

The location of the Windows Client configuration file is Users\<username>\AppData\RoamingLocal\Microsoft\Dynamics 365 Business Central\.

The location of the Web Client configuration file is C:\inetpub\wwwroot\BC130\navsettings.json.

6. Now go to IIS and set the bindings for https (the host name will be the domain name of the server), and under SSL certificate select the CA Root certificate.

7. Now add the CA Root certificate on the external computer and enter the link for the WebClient in the browser (https://<Domain Name>/BC130).
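
Before restarting the server instance, the certificate requirements from steps 1 to 5 can be checked in one pass on the Business Central Server computer. The following PowerShell is an added example, not part of the original post or of Business Central itself; the variable names are illustrative and the thumbprint is the sample value from step 3, to be replaced with your own.

```powershell
# Added example: pre-flight check of the service certificate (run on the Business Central Server computer).
# Sample thumbprint from step 3 of this page; replace it with the value copied from your certificate.
$RawThumbprint = 'c0 d0 f2 70 95 b0 3d 43 17 e2 19 84 10 24 32 8c ef 24 87 79'

# Keep hex digits only: removes spaces and any invisible characters picked up when copying from the dialog.
$Thumbprint = ($RawThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($Thumbprint.Length -ne 40) { throw "Expected 40 hex characters, got $($Thumbprint.Length)." }

# Personal store of the local computer (the node opened in step 3).
$cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "No certificate with thumbprint $Thumbprint in Cert:\LocalMachine\My." }

$problems = @()

# The service account can only use the certificate if its private key is present on this machine.
if (-not $cert.HasPrivateKey) { $problems += 'Certificate has no private key on this machine.' }

$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    $problems += "Outside validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# Step 2: the Server Authentication and Client Authentication purposes must be enabled.
$required = @{ '1.3.6.1.5.5.7.3.1' = 'Server Authentication'; '1.3.6.1.5.5.7.3.2' = 'Client Authentication' }
$ekuOids  = @($cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
# An empty list means the certificate carries no enhanced key usage restriction.
if ($ekuOids.Count -gt 0) {
    foreach ($oid in $required.Keys) {
        if ($ekuOids -notcontains $oid) { $problems += "Missing purpose: $($required[$oid])." }
    }
}

# Chain trust: the certificate must chain to a root CA that this machine trusts.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
if (-not $chain.Build($cert)) {
    $problems += $chain.ChainStatus | ForEach-Object { "Chain: $($_.Status) $($_.StatusInformation.Trim())" }
}

# Name to compare with the DNSIdentity value in the client configuration files (step 5).
$dnsName = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)

[pscustomobject]@{
    Thumbprint = $Thumbprint
    Subject    = $cert.Subject
    DnsName    = $dnsName
    Problems   = $problems
}
```

An empty Problems list means the certificate passed every check; the Thumbprint value is already in the space-free form that step 4 expects.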


Thus, we have accessed the WebClient externally using the SSL.

Written by

Dhruv Mehta

Trainee Software Engineer
