Creating Self-signed Security Certificate Using PowerShell Script

With the New-NavSelfSignedCertificate PowerShell cmdlet, you can create a self-signed certificate to help secure the communication between the Microsoft Dynamics NAV Server and the Microsoft Dynamics NAV Web client.

Running the New-NavSelfSignedCertificate takes several parameters. One of these parameters is MakeCertExePath. This parameter must be filled in with the file path of the Windows SDK MakeCert.exe file. Typically, this file can be found under C:\Program Files (x86)\Windows Kits\8.1\bin\x86\makecert.exe. If you do not have a Windows 7.1 or 8.1 SDK on the Microsoft Dynamics NAV Server computer, you can download this from MSDN.


The New-NavSelfSignedCertificate PowerShell cmdlet will only create self-signed certificates that can be used on Windows and Windows Phone. If you want to use the certificate on Android devices, then you must set the -SubjectAlternativeName parameter, such as -SubjectAlternativeName, *

To create a self-signed security certificate using the PowerShell script

  1. On the computer or virtual machine that is running Microsoft Dynamics NAV Server, run Microsoft Dynamics NAV Administration Shell as an Administrator.

  2. Choose Start, in the Search box, type Microsoft Dynamics NAV Administration Shell.

  3. Right-click the related link, and then choose Run as Administrator.

  4. At the command prompt, import the PowerShell module by typing the following command: Import-Module <dvddir>\\WindowsPowerShellScripts\NAVCertificateAdministration\NAVCertificateAdministration.psm1 or a path equivalent to where your PowerShell module is located.

  5. Next, at the command prompt, type the following command: New-NavSelfSignedCertificate <parameters>

    The following table describes the parameters you can specify:

    Parameter name Type Description
    -TestCertificateName Type:String The name that identifies your test certificate. The default value is TestCertificate. This parameter is optional.
    -TestCertificateServerAddress Type:String The authority/entity that this certificate is issued for. Default is the computer host name. Specify this value if the Microsoft Dynamics NAV Server is accessed by using an address that differs from the computer name. This parameter is optional.
    -TestCertificateRootCertificateAuthorityName Type:String The root certificate authority name. The name will identify the root certificate issuer. The default value is the TestCertificate parameter value prefixed RootCA. This parameter is optional.
    -Outputfolder Type:String Specifies the output folder for the certificates. Default is the location where the script was executed from. This parameter is optional.
    -MakeCertExePath Type:String The path of the Windows SDK MakeCert.exe tool. Default is the specified Outputfolder. This parameter is optional.
    -NavServiceIdentity Type:String Username for the identity running the Microsoft Dynamics NAV Server. Default is NTAUTHORITY\Network Service. This parameter is optional.
    -Import Type:String Imports the certificates after creation. If not specified, the user will be prompted for a reply. This parameter is optional.
    -SkipImport Type:Boolean false will import certificates and true will skip the import of certificates.
    -SubjectAlternativeName Type:string The SAN for your account, such as, * This parameter is optional.

    The New-NavSelfSignedCertificate PowerShell cmdlet has now generated a self-signed security certificate with an accompanying root certificate and root revocation list, which is put under the specified output folder. Once the cmdlet is run, you have the option to import the security certificate, root certificate, and root revocation list to the local computer.

See Also

Using Certificates to Secure a Remote Client Connection
Walkthrough: Implementing Security Certificates in a Test Environment