We are attempting to use Fiddler as a proxy to capture traffic being sent from Microsoft Dynamics NAV to SharePoint via a plugin we have written for NAV.
I have added the below to "C:\Program Files\Microsoft Dynamics NAV\90\Service\Microsoft.Dynamics.Nav.Server.exe.config"
<proxy autoDetect="false" bypassonlocal="false" proxyaddress="http://127.0.0.1:8888" usesystemdefault="false" />
When our plugin (DC.SharePoint.ComWrapper) attempts to connect to SharePoint via Fiddler we receive the below error.
Microsoft Dynamics NAV
A call to DC.SharePoint.ComWrapper.ListItemWrapper.Create failed with this message: The remote certificate is invalid according to the validation procedure.
Does anyone have any suggestions as to what I could be missing? The NAV service runs as a domain user, which has the Fiddler root certificate in it's trusted root certification authorities store. I have also tried putting it in the local computers store and running the service in the Network Service account.
The only thing I have noticed, is in the Raw capture, there is a line saying:
"Time": 26/09/2021 02:52:10
The date and time specifieid changes to seemingly random date around 50 years either side of the date today. However I am not sure if that is being used to validate the certificate?
Any help would be greatly appreciated.
7 Answers, 1 is accepted
The "Time" field is pseudo-random and should not be related to your problem.
If you let the application use the system proxy settings (instead of setting it explicitly) is the result the same? If yes, I would suggest to try using different certificate generator. It is called CertMaker and you can download it from here - https://www.telerik.com/fiddler/add-ons.
Thanks for your reply. I have:
Deleted and reinstalled the fiddler root certificate in the trusted root certificates of the local machine store and the current user store.
Removed the proxy address from the Microsoft.Dynamics.Nav.Server.exe.config. (I found this was only necessary when the service was running as Network Service).
Restarted the Dynamics NAV service running as a normal user (called dcadmin).
But I still get the same error.
I can browser to https://www.google.co.uk in IE running as dcadmin and see that the fiddler root certificate is trusted, but it is not trusted by the dynamics nav process, also running as dcadmin.
It sounds like this application you are trying to use is not using the certificate store built-in in Windows. This is really strange since it is Microsoft product.
Did you restarted this software after adding the certificate to the store (I would suggest system restart if possible)? It is very long shot, but it's worth trying.
Did you ever find out what the problem was? We are trying something similar but cannot get the Fiddler Cert to work.
Maybe Alexander has any new insights? Because it really would be weird if NAV/Business Central did not use the built in Certificate Store. Because I am pretty sure, that at least for the Certificate that the NST uses for encrypting the traffic between itself and the Database (and also for the ODATA/SOAP Enpoints if enabled) that it uses the Certs in the Certificate Store (and this fact is also explained in detail in the Microsoft Docs).
Where else could NAV look for the Certs anyway? Maybe Alexander could explain what he meant, so I could look for that other place :)
Can you clarify some details about your specific case - are you receiving the very same error, have you tried using the system proxy as Alex suggested (for your client), are you receiving the difference in the Time field as David has shown?