In this article, we discuss the Dynamics GP security certificate, security groups, and user accounts.
Importing a Self-signed Security Certificate
When you use a self-signed Dynamics GP security certificate, there is no certificate authority available to verify the certificate. If you use another computer to connect to a Dynamics GP web client installation that uses a self-signed security certificate, the web browser displays a certificate error.
If the same self-signed security certificate is used for both the web site and the web client runtime service, the certificate error can prevent you from successfully logging into the Dynamics GP web client. The solution is to import the Dynamics GP security certificate into each machine that will access the web client. This section describes how to do this. First, you retrieve the security certificate from the server, and then you install the certificate onto your local machine.
To Retrieve the Security Certificate
1. Open Internet Explorer on the computer that will be used to connect to the Dynamics GP web client.
2. Connect to the Dynamics GP web client site. The browser will display a message indicating that there is an issue with the web site's security certificate. Click Continue to this website.
3. The URL area of the browser will appear in red, indicating the security certificate error. Click Certificate error to display the details of the error.
4. In the drop-down, click View certificates.
5. In the Certificate window, click the Details tab.
6. Click Copy to File to open the Certificate Export Wizard, and then click Next.
7. Choose the DER encoded binary X.509 format, and then click Next.
8. Click Browse to open the file dialog box that allows you to name the certificate file and select a location for it. A common practice is to name the certificate after the computer that is being accessed. In this example, the computer being accessed is named GPUA2, so the certificate is named GPUA2.cer. Choose a convenient location for the file, such as the desktop, and then click Save.
9. In the Certificate Export Wizard, click Next. Then click Finish. A message will indicate that the security certificate was exported.
10. Click OK to close the Certificate window.
To install the Dynamics GP Security Certificate
1. On the computer that will be used to connect to the web client, open the Run prompt. (Choose Start > Run or press Windows-R.)
2. In the Open field, type MMC and click OK.
3. In the Microsoft Management Console, open the File menu and select Add/Remove Snap-in.
4. In the Add or Remove Snap-ins window, select the Certificates snap-in from the Available snap-ins list, and then click Add.
5. In the choose Computer dialog box, choose Local computer and then click Finish.
6. In the Add or Remove Snap-ins window, click OK.
7. In the left pane, expand the Certificates node, and then expand the Trusted Root Certification Authorities node.
8. In the Microsoft Management Console, open the File menu and choose Add/Remove Snap-in.
9. In the Add or Remove Snap-ins window, select the Certificates snap-in from the Available snap-ins list, and then click Add.
10. In the Certificates snap-in dialog box, select Computer account and then click Next.
11. In the choose Computer dialog box, choose Local computer and then click Finish.
12. In the Add or Remove Snap-ins window, click OK.
13. In the left pane, expand the Certificates node, and then expand the Trusted Root Certification Authorities node.
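A scripted way to place the exported certificate in the local computer's Trusted Root Certification Authorities store, added here as an example and not taken from the original article or from Microsoft's documentation. It assumes the file was saved as GPUA2.cer on the desktop as in the export steps above, and `<THUMBPRINT-FROM-SERVER>` is a placeholder for the thumbprint read from the certificate on the server itself, so the file is checked against the server's real certificate before it is trusted.

```powershell
# Added example (not from the original article). Run in an elevated prompt.
param(
    [string]$CertPath = "$env:USERPROFILE\Desktop\GPUA2.cer",
    # Placeholder: thumbprint read from the certificate on the server itself.
    [string]$ExpectedThumbprint = '<THUMBPRINT-FROM-SERVER>'
)
$ErrorActionPreference = 'Stop'

# Load the exported DER file for inspection without installing it.
$path = (Resolve-Path -LiteralPath $CertPath).Path
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($path)

# 1. The file must be the certificate the server actually presents.
$expected = ($ExpectedThumbprint -replace '\s', '').ToUpperInvariant()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint). Not importing."
}

# 2. The procedure is for a self-signed certificate: subject equals issuer.
if ($cert.Subject -ne $cert.Issuer) {
    throw "Certificate is not self-signed (issuer: $($cert.Issuer)). Not importing."
}

# 3. Reject an expired or not-yet-valid certificate.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# Import into Local Computer > Trusted Root Certification Authorities.
Import-Certificate -FilePath $path -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# Confirm the certificate is now present in the store.
$installed = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if (-not $installed) { throw 'Import did not place the certificate in the store.' }
"Imported $($cert.Subject), thumbprint $($cert.Thumbprint), expires $($cert.NotAfter)"
```

With the placeholder left in place the script stops at the thumbprint check and imports nothing.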
Security Groups and User accounts
To properly secure the Microsoft Dynamics GP web components installation, some security groups and specific user accounts are required. Information is divided into the following sections:
- Security groups
- User accounts
Security groups are used to control which users are allowed to access the Dynamics GP web client and the Web Management Console. These security groups can be machine groups (for the single machine configuration) or domain groups. Domain groups must be security groups, not distribution groups.
Typically, you should make one security group for the Dynamics GP web client and another security group for the Web Management Console. You can add individual users to these groups. If you have a complex installation with a large number of users, you may want to create additional groups that you add users to.
Several user accounts are needed to run the web site and the services that are part of the Dynamics GP web components installation. These accounts are typically domain accounts since they will need to access the configuration database on the SQL Server. Ideally, these user accounts should have limited privileges and a password that does not expire. You may want to use the same account for multiple components of the configuration.
Make the user accounts before you start installing the Dynamics GP web components. You must have user accounts for the following:
GP Web Client site application pool
This is the user account that runs the application for the web site that hosts the Dynamics GP web client.
Web Management Console application pool
This is the user account that runs the application for the web site that hosts the Web Management Console.
Session Central Service
This is the user account that runs the Session Central Service. This account must have permission to read information from Active Directory.
Session Service
This is the user account that runs Session Service on each session host machine.
Dynamics GP Service
This is the user account that runs the Dynamics GP Service. This account must have permission to read information from Active Directory.
Dexterity Service Control
This is the user account that runs Dexterity Service Control on each session host machine.
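A pre-install check of the requirements above, added here as an example and not part of the original article: it confirms that the domain groups are security groups and that each service account exists, is enabled, has a non-expiring password, and is not a domain-wide administrator. It requires the ActiveDirectory PowerShell module, and every group and account name in it is hypothetical.

```powershell
# Added example (not from the original article). Requires the ActiveDirectory
# module (RSAT). All group and account names below are hypothetical.
Import-Module ActiveDirectory

$groups   = 'GP Web Client Users', 'GP Web Management Console Users'
$accounts = 'svc-gpwebclient', 'svc-gpwebmgmt', 'svc-gpsessioncentral',
            'svc-gpsession', 'svc-gpservice', 'svc-gpdexterity'
$findings = @()

foreach ($name in $groups) {
    try {
        $g = Get-ADGroup -Identity $name
        # Distribution groups cannot be used to grant access.
        if ($g.GroupCategory -ne 'Security') {
            $findings += "Group '$name' is a $($g.GroupCategory) group; a security group is required."
        }
    } catch {
        $findings += "Group '$name' was not found."
    }
}

foreach ($name in $accounts) {
    try {
        $u = Get-ADUser -Identity $name -Properties PasswordNeverExpires, MemberOf
        if (-not $u.Enabled) {
            $findings += "Account '$name' is disabled."
        }
        if (-not $u.PasswordNeverExpires) {
            $findings += "Account '$name' has an expiring password; the service will stop when it lapses."
        }
        # Limited privileges: a service account should not be a domain-wide admin.
        $admin = $u.MemberOf | Where-Object { $_ -match '^CN=(Domain|Enterprise) Admins,' }
        if ($admin) {
            $findings += "Account '$name' is a direct member of: $($admin -join '; ')"
        }
    } catch {
        $findings += "Account '$name' was not found."
    }
}

if ($findings) { $findings } else { 'All groups and service accounts passed the checks.' }
```

The membership test covers direct membership only; nested group membership needs a separate recursive lookup.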
In this article, we covered the Dynamics GP security certificate and gave an overview of security groups and user accounts.