Keep up to date with the latest information about Microsfot Dynamics GP through articles from the Perfect Image and azurecurve blog.
Microsoft Dynamics GP 2013 SP2 Web Client Scale-Out Deployment: Avoiding Trust Relationship Problems
January 27th, 2014 by Ian Grieve
If a wildcard domain certificate has been used then you won’t need to follow the steps in this post. If, like me, you’re using individual machine certificates then you will have problems with trust relationships between servers unless you install the certificate from each machine on all of the others.
To accomplish this, the certificates need to be exported and then imported. As an example, I am going to transfer the certificate from the Session Control Server (SC1) to the first Session Host (SH1).
To do this open Internet Information Services (IIS) Manager, select the machine and double click Server Certificates:
Select the certificate to export (in my case the one named Dynamics GP Web Client) and click Export in the Action pane:
Enter the path to export the certificate, a password and password confirmation and click OK:
On the machine you’re going to import the certificate (in my case SH1), press Win + R to open the Run window, type MMC and click OK:
In the Microsoft Management Console click on File and select Add/Remove Snap-in…:
In the Available snap-ins list select Certificates and click Add > to move it to the Selected snap-ins list:
After clicking OK select Computer account as we need to make the certificate we import available to all user and service accounts on the machine:
Set the snap-in to always mange the Local computer and click Finish:
When returned to the Add or Remove Snap-ins folder, click OK:
In the Microsoft Management Console navigation pane expand Certificates (Local Computer) and click on Certificates to display a list of all certificates installed on the machine.
In my example you will see that the certificate for SH1 (the local machine) is displayed second bottom in the list:
Right click in the middle panel, click All Tasks then, on the fly-out menu, click Import…:
Read the blurb on the Certificate Import Wizard welcome screen and click Men>Next:
Enter the path and file name of the certificate to be imported. On the source machine (SC1) I saved the certificate to the C:\ so to load it I entered a UNC path which access the Certificates folder on SC1:
Enter the password used when exporting the file and click Next:
The Certificate Store we need to use is the Trusted Root Certificate Authorities
In the final stage of the Certificate Import Wizard check your selections and then click Finish:
A confirmation dialog will be displayed that the import has been sucessful:
In the Microsoft Management Console, the newly imported certificate for SC1 is shown third bottom, just above the SH1 certificate.
The Session Control certificate needs to be imported on each of the Session Hosts, and each of the Session Host server’s certificates need to be imported onto the Session Control server.
|Microsoft Dynamics GP 2013 SP2 Web Client Scale-Out Deployment|
|Installing IIS On Session Control Server|
|Extending IIS With ASP.NET 4.5 On Windows Server 2012|
|Extending IIS With ASP.NET 4.5 On Windows Server 2008 R2|
|Creating A Self-Signed SSL Certificate On The Session Central Server|
|Binding An SSL Certificate To The Session Control Website|
|Adding An SSL Certificate To The Session Hosts|
|Avoiding Trust Relationship Problems|