Skip to content
Dynamics 365 Blog

This was a internal request from support team to quickly fix the certificate expire issue. I would like to post it here in case you need it. Please note this should only apply to your Dev VHD, and strongly recommand you create a checkpoint before proceed.

Symptom:

You will get error 503 when trying to access local URL https://usnconeboxax1aos.cloud.onebox.dynamics.com/

Check in Computer Certificates, you will see Certifcates started  with DeploymentsOnebox expired.

Workaround:

One script for all steps(renew certificate,grant permission, replace in config, reset iis and batch)

Function Update-Thumberprint

{

    Set-Location -Path “cert:\LocalMachine\My”

    $oldCerts = Get-childitem | where { $_.subject -match “DeploymentsOnebox” -or $_.Subject -match “MicrosoftDynamicsAXDSCEncryptionCert”}

    $ConfigFiles =

    @(“C:\AOSService\webroot\web.config”,

      “C:\AOSService\webroot\wif.config”,

      “C:\AOSService\webroot\wif.services.config”,

      “C:\FinancialReporting\Server\ApplicationService\web.config”,

      “C:\RetailServer\webroot\web.config”

      )

    foreach ($oldCert in $oldCerts)

    {

        $newCert = New-SelfSignedCertificate -CloneCert $oldCert

        #consider to delete the old cert

        $keyPath = Join-Path -Path $env:ProgramData -ChildPath “\Microsoft\Crypto\RSA\MachineKeys”

        $keyName = $newCert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName

        $keyFullPath = Join-Path -Path $keyPath -ChildPath $keyName

        $aclByKey = (Get-Item $keyFullPath).GetAccessControl(‘Access’)

        $permission = “EveryOne”,“Read”, “Allow”

        $accessRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permission

        $aclByKey.SetAccessRule($accessRule)

        Set-Acl -Path $keyFullPath -AclObject $aclByKey -ErrorAction Stop

        foreach($configFile in $ConfigFiles)

        {

            (Get-Content -Path $configFile).Replace($oldCert.Thumbprint,$newCert.Thumbprint) | Set-Content $configFile

        }

    }

}

Update-Thumberprint

iisreset

Restart-Service “DynamicsAxBatch”

Please copy all the script and run in powershell via administrator previligge.

Each time you run this script, it will create a new set of certificates. So do not repeat it.

Hope it helps.

We're always looking for feedback and would like to hear from you. Please head to the Dynamics 365 Community to start a discussion, ask questions, and tell us what you think!