最新消息:ww12345678 的部落格重装上线,希望大家继续支持。

更新Dynamics 365 财务和运行的开发环境服务器上的证书/ Renew Dynamics 365 for Finance and Operations Certificate on Dev Machine

网络文摘 William 210浏览 0评论
This was a internal request from support team to quickly fix the certificate expire issue. I would like to post it here in case you need it. Please note this should only apply to your Dev VHD, and strongly recommand you create a checkpoint before proceed.

One script for all steps(renew certificate,grant permission, replace in config, reset iis and batch)

Function Update-Thumberprint

{

    Set-Location -Path “cert:\LocalMachine\My”

    $oldCerts = Get-childitem | where { $_.subject -match “DeploymentsOnebox” -or $_.Subject -match “MicrosoftDynamicsAXDSCEncryptionCert”}

    $ConfigFiles =

    @(“C:\AOSService\webroot\web.config”,

      “C:\AOSService\webroot\wif.config”,

      “C:\AOSService\webroot\wif.services.config”,

      “C:\FinancialReporting\Server\ApplicationService\web.config”,

      “C:\RetailServer\webroot\web.config”

      )

    foreach ($oldCert in $oldCerts)

    {

        $newCert = New-SelfSignedCertificate -CloneCert $oldCert

        #consider to delete the old cert

        $keyPath = Join-Path -Path $env:ProgramData -ChildPath “\Microsoft\Crypto\RSA\MachineKeys”

        $keyName = $newCert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName

        $keyFullPath = Join-Path -Path $keyPath -ChildPath $keyName

        $aclByKey = (Get-Item $keyFullPath).GetAccessControl(‘Access’)

        $permission = “EveryOne”,“Read”, “Allow”

        $accessRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permission

        $aclByKey.SetAccessRule($accessRule)

        Set-Acl -Path $keyFullPath -AclObject $aclByKey -ErrorAction Stop

        foreach($configFile in $ConfigFiles)

        {

            (Get-Content -Path $configFile).Replace($oldCert.Thumbprint,$newCert.Thumbprint) | Set-Content $configFile

        }

    }

}

Update-Thumberprint

iisreset

Restart-Service “DynamicsAxBatch”

Please copy all the script and run in powershell via administrator previligge. Each time you run this script, it will create a new set of certificates. So do not repeat it. Hope it helps.
发表我的评论
取消评论

表情

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址