Using Certificates to Secure a Remote RoleTailored Client Connection

You can use service certificates to help secure RoleTailored client connections over a wide area network (WAN). Microsoft Dynamics NAV 2013 R2 can support the following configurations:

  • Chain trust, which specifies that each certificate must belong to a hierarchy of certificates that ends in a root authority at the top of the chain.

  • Peer trust, which specifies that both self-issued certificates and certificates in a trusted chain are accepted.

This topic describes the chain trust configuration, which is the more secure option.

In a production environment, you implement chain trust by obtaining X.509 service certificates from a trusted provider. These certificates and their root certification authority (CA) certificates must be installed in the certificate store on the computer that is running Microsoft Dynamics NAV Server. The CA certificate must also be installed in the certificate store on computers that are running the RoleTailored client so that clients can validate the server.
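
A way to check the server-side prerequisites described above, as an added example that is not part of the original topic: it looks up the service certificate in the computer's Personal store, confirms that it has a private key, and builds the chain to see whether it ends in a root that the computer trusts. The function name, the choice of the LocalMachine\My store, and the thumbprint in the sample call are assumptions; the thumbprint is a placeholder.

```powershell
# Added example. Function name and the thumbprint in the sample call are hypothetical.
function Test-ServiceCertificateChain {
    param(
        [Parameter(Mandatory = $true)] [string] $Thumbprint,
        # NoCheck keeps the check offline; use Online where CRL/OCSP endpoints are reachable.
        [System.Security.Cryptography.X509Certificates.X509RevocationMode] $RevocationMode = 'NoCheck'
    )

    # Thumbprints copied from the certificate dialog often carry spaces or hidden characters.
    $normalized = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $normalized } |
        Select-Object -First 1
    if (-not $cert) {
        throw "No certificate with thumbprint $normalized found in LocalMachine\My."
    }

    # Build the chain in machine context, because the server runs as a service.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode = $RevocationMode
    $chainValid = $chain.Build($cert)

    # The last chain element is the top of the hierarchy that was found.
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    $rootInStore = [bool](Get-ChildItem -Path Cert:\LocalMachine\Root |
        Where-Object { $_.Thumbprint -eq $top.Thumbprint })

    [pscustomobject]@{
        Subject         = $cert.Subject
        NotAfter        = $cert.NotAfter
        HasPrivateKey   = $cert.HasPrivateKey   # required on the server
        ChainValid      = $chainValid           # False for an untrusted or broken chain
        ChainStatus     = @($chain.ChainStatus | ForEach-Object { $_.Status })
        ChainLength     = $chain.ChainElements.Count
        TopOfChain      = $top.Subject
        TopIsSelfSigned = ($top.Subject -eq $top.Issuer)
        RootInRootStore = $rootInStore          # CA certificate installed as a trusted root
    }
}

# Sample call with a placeholder thumbprint; replace it with the service certificate's own.
# Test-ServiceCertificateChain -Thumbprint '<SERVICE-CERT-THUMBPRINT>'
```

A self-issued certificate that has not been added to the trusted roots reports `ChainValid` as False with an `UntrustedRoot` status, which is the case that chain trust rejects.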

Note

This implementation does not use Secure Sockets Layer (SSL). Although these implementations do use the public and private key infrastructure of SSL and SSL certificates, they use Windows Communication Foundation (WCF) transport-level security (TLS) over the TCP/IP protocol instead of HTTPS. This means that these are not strict SSL implementations.