Map a Google Domain to MS Dynamics 365 Portal and Add SSL Certificate
I have an account with MS Dynamics 365. So I decide to play with it and create a website using the Dynamics portal.
I bought a domain name from Google Domain. It does not take too much time to update the portal setting and google domain setting to map the domain name with the portal.
1. Go to the portal management page, there is a tool to set up a custom domain. Add custom domain here.
2. Go to Google domain management, in the DNS page, add a CName with WWW and point it to the yourportal.powerappports.com
After a couple of minutes, the setup will take effect and the portal will work with the custom domain. However, the Chrome browser complains that the website is unsafe. To resolve this issue, the only way is to buy an SSL certificate.
Since this is a personal website, I do not want to spend too much on SSL. I checked around and found that Namecheap provides SSL at a really low price. My impression is that SSL usually cost hundreds of bucks. However, with Namecheap, an SSL certificate will cost only $10 per year. I do not mind to spend $10 for a training purpose.
If you buy a 5-year package, then the price is only $8
I then discussed with the customer support with the live-chat. I was lucky to get great support and she basically guided me from ordering to install the SSL with my portal.
Below is the full chat history. It took me about 2 hours from end to end to set up the SSL. I believe it is very helpful to anyone who wants to have an SSL certificate for the Dynamics 365 portal.
18:54 Your Question: Hi, I need an SSL for my dynamics 365 portal. Is it good for this purpose?
18:54 Please wait and one of our operators will be with you shortly.
18:54 You are now chatting with Marina Golovko (SSL CS) - SSL Support
18:54 Marina: Hello David! Thank you for contacting our Live Chat support.
18:55 Me: Hi Marina, I am wondering whether the SSL certificate is good for the dynamics portal
18:58 Marina: According to my check, it should be possible to use our SSL certificate for that purpose.
18:54 You are now chatting with Marina Golovko (SSL CS) - SSL Support
18:54 Marina: Hello David! Thank you for contacting our Live Chat support.
18:55 Me: Hi Marina, I am wondering whether the SSL certificate is good for the dynamics portal
18:58 Marina: According to my check, it should be possible to use our SSL certificate for that purpose.
18:58 Marina: After the certificate is purchased, it should be activated, validated, and installed on the server. You can refer to this useful article regarding the matter: https://www.namecheap.com/
18:59 David: Great! Thanks, Marina. I will proceed with it.
18:59 Marina: You are welcome! May I help you with anything during the process?
19:00 David: I think yes. I will start by creating the CSR first. And then I believe I just submit the order online, correct?
19:02 Marina: In order to assist you better, please provide me with the username and the support PIN.
The support PIN can be found here: https://ap.www.namecheap.com/
The username can be found here: https://ap.www.namecheap.com/
19:03 David: I do not have an account yet. I will register one.
19:03 Marina: Thank you for letting me know.
19:04 Marina: You can register an account with us following this guide: https://www.namecheap.com/
19:04 Marina Golovko: After that, feel free to purchase an SSL certificate here: https://www.namecheap.com/
19:04 David: Yes, just created my account
19:05 Marina: As for the process, you will need a generate a CSR code, activate the certificate, validate it using the preferable validation method (Email-based, DNS-based, or HTTP-based) and install it on your server after issuance.
19:06 Marina: It is recommended to generate a CSR code on the side of your server, however, you may also use this online tool for a generation: https://decoder.link/csr_
19:06 David: Great. Thanks, Marina.
19:06 Marina: Keep in mind that it is necessary to copy the private key and save it separately as a text document on your computer after the CSR code is generated.
19:06 Marina: A private key is required for the installation process after the certificate is issued. You can check how the private key looks like here: https://namecheap.simplekb.
19:08 Marina Golovko: If you wish, I can send detailed instructions on how to enable an SSL certificate on the email you entered the chat with so you can follow the steps.
19:08 David: Hi, I noticed that I do not have an organization as this is a personal website.
19:08 David: What should I fill for the organization?
19:10 Marina: You may use "NA" as an organization name in case you have a personal website.
19:11 David: Great! Thanks.
19:11 Marina: You are always welcome!
19:13 David: in the online tool for a domain name, do I need to enter www.tcmthinks.com or just tcmthinks.com
19:16 Marina: It depends on the domain name you would like to use. However, in case you choose our single-domain certificate, it will protect both - bare domain and its www version so you can choose any preferable variant.
19:17 David: I see. Thanks. Yes, I am using a single domain certificate. It is the first time I do this.
19:20 Marina: My pleasure.
19:20 David: I have generated the CSR.
19:21 Marina: Great! As you already have an account with us, could you let me know the username and the support PIN of it?
19:21 Marina: The support PIN can be found here: https://ap.www.namecheap.com/
The username can be found here: https://ap.www.namecheap.com/
19:22 David: yes, my user name is something2021. my pin 1234
19:23 Marina: Thank you for the details!
19:24 Marina: As you are planning to secure only one website at the moment and do not have a registered company yet, I suggest you our PositiveSSL certificate. Here it is: https://www.namecheap.com/
19:24 Marina: After the SSL is purchased, we can start its activation.
19:25 David: Perfect. I am ordering it now.
19:25 Marina: Take your time.
19:28 David: I have ordered and paid.
19:29 David: Now should I convert it to a pfx file for my portal website?
19:30 Marina: At first, it is necessary to activate the certificate and validate it to get the SSL files for installation.
19:31 Marina: To start the activation process, please follow these steps: Log in to your Namecheap account > “Product List” section on the left navigation bar > "SSL certificates" > click "Activate", which is located next to your new certificate.
19:31 Marina: It will be necessary to use a generated CSR code, choose server type, choose one of the preferable domain control validation(DCV) types (Email validation, HTTP-based validation, or DNS-based validation), specify the email address where you would like your SSL certificate sent, review the information and click the "Submit" button.
19:33 Marina: More detailed about the SSL activation process can be found here: https://www.namecheap.com/
19:33 David: I have put in the CSR code submitted. It recognized my domain correctly.
19:35 Marina: Great! Feel free to proceed with the SSL activation further.
19:40 Marina: If you have any difficulties with the process, just let me know.
19:41 David: I am having a problem with the validation. I can not use email or the HTTP method. SO I am trying to create a CNAME
19:42 David: I have access to add a new CNAME on my registry, which is google domain.
19:43 David: I do not know what cname should be added.
19:43 Marina: Sure, you can use a DNS-based method. The values for the CNAME record will be available in your Namecheap account in the certificate details after the certificate is activated and pending DNS-based validation.
19:44 Marina: I will provide you with the steps on how to find them once the SSL activation is finished.
19:45 David: Perfect. I have finished the steps. It is now pending.
19:46 Marina: Thank you for the update! Details for a CNAME record for DNS-based validation can be found by following these steps: Log in your Namecheap account > “Product List” section on the left navigation bar > "SSL certificates" > "Details" button > click on "get CNAME record here" > Choose "Get Record" from the drop-down menu near "EDIT METHODS".
19:46 Marina: Please keep in mind that the "Host" part of the value for the record will be shown along with the domain name. Our system adds the domain name to all the host records automatically, so the domain name should not be entered when creating the CNAME.
19:46 David: Sorry, somehow I noticed the server type is not correct. It should be IIS. Can I change it?
19:47 Marina: As I can see, a server type is chosen as IIS at the moment. No need to worry, you will get certificate files in both formats for the SSL installation on the required server.
19:50 David: So what I should do now?
19:52 Marina: It is necessary to complete a DNS-based validation to get the certificate files for the installation. Please create a CNAME record in the DNS settings of your domain with the following details:
Record Type: CNAME
Host (Alias, name): _
Target (Destination, CNAME): 01AAAAAAAAAAAA41C026AB648C9DB
19:54 David: Done
19:55 Marina: Thank you for the performed actions!
19:55 Marina: I am glad to inform you that the certificate is validated and issued. The certificate files have been sent to your email address. You can also download them from your Namecheap account: "Product list" tab > "SSL certificates" > Click on the "Download" button next to your certificate.
19:55 David: Thank you!
19:56 Marina Golovko: In case to get a PFX file for the installation on the IIS server, you may use either .crt and .ca-bundle files or .p7b file from the downloaded file. To convert your files to PFX, you can follow this link https://decoder.link/
- if you use .crt and .ca-bundle files, please choose the PEM to PKCS#12 option
- if you use .p7b file, please choose the PKCS#7 to PKCS#12 option
20:00 Marina: As I can see, www.tcmthinks.com is using Azure as a hosting server. if that is correct, you can follow this guide for the SSL installation: https://www.namecheap.com/
20:00 David: Yes, it is using azure. I am not able to convert.
20:01 Marina: Please let me know the issue you faced.
20:01 David: I am in the converter tool and have put the .cer file and private key. The tool said converted successfully. I downloaded the zip file but it is only 1Kb.
20:02 David: and the zip file can not be opened.
20:02 David: On the screen, I do not know what is the bundle file, so I left it empty.
20:04 Marina: Thank you for letting me know.
20:06 Marina: You may go to this tool https://decoder.link/converter , choose the PKCS#7 to PKCS#12 tab there, upload a .p7b file from the certificate files which are downloaded from email or from your Namecheap account, upload a private key saved after the CSR generation and click on the "Convert".
20:07 Marina: Please leave the "Password" empty.
20:10 David: THis time it worked. I got the pfx file.
20:10 David: Thanks a lot. I am installing it on my portal now.
20:11 Marina: You are welcome! I am glad to hear that it works.
20:14 David: While install, I was asked for a password for the pfx file. I do not think I put a password for the pfx file though.
20:15 David: The password provided for this certificate is incorrect. Please provide the correct password and try again.
20:16 Marina: It is optional, if you have not added a password during the converting, you can leave it empty.
20:16 David: However, it is a required field. I think I may need to recreate the pfx file with a password.
20:18 Marina: You may try to convert your files into PFX once more using a password and mention it during the SSL installation.
20:21 David: The installation is successful. However, the site is still not secure.
20:21 David: Maybe just need some time?
20:22 Marina: Just a few minutes, I will check the installation.
20:22 David: the SSL expiration date is 1/8/2022, which seems correct.
20:25 Marina Golovko: May I know if you completed the binding steps as well?
20:28 David: You are right. I forgot this step. After binding, the site becomes secure.
20:29 David: Thank you so much for all your patient help. Really appreciated.
20:30 Marina: Great! I am glad to hear that all is set up correctly.
20:31 Marina: I can see that the SSL is installed correctly, you can check it here: https://decoder.link/
20:31 Marina: The HTTPS redirect is enabled, the website is shown as secured from my side.
20:31 Marina: Is there anything else I can help you with at the moment?
20:32 David: Great! Interesting to see all the details of the SSL.
20:32 David: Everything is perfect. That's all for today. Wish you have a good weekend.
20:33 Marina: I was glad to help you today! If you have a moment, you can help us to improve the quality of service by leaving the feedback here: https://nps.namecheap.com/u/
20:33 Marina: By the way, if you are satisfied with the assistance provided today, you can also send your feedback about it to feedback@namecheap.com mentioning my name (Marina).
20:33 Marina Golovko: Stay safe and have a wonderful day!
18:59 David: Great! Thanks, Marina. I will proceed with it.
18:59 Marina: You are welcome! May I help you with anything during the process?
19:00 David: I think yes. I will start by creating the CSR first. And then I believe I just submit the order online, correct?
19:02 Marina: In order to assist you better, please provide me with the username and the support PIN.
The support PIN can be found here: https://ap.www.namecheap.com/
The username can be found here: https://ap.www.namecheap.com/
19:03 David: I do not have an account yet. I will register one.
19:03 Marina: Thank you for letting me know.
19:04 Marina: You can register an account with us following this guide: https://www.namecheap.com/
19:04 Marina Golovko: After that, feel free to purchase an SSL certificate here: https://www.namecheap.com/
19:04 David: Yes, just created my account
19:05 Marina: As for the process, you will need a generate a CSR code, activate the certificate, validate it using the preferable validation method (Email-based, DNS-based, or HTTP-based) and install it on your server after issuance.
19:06 Marina: It is recommended to generate a CSR code on the side of your server, however, you may also use this online tool for a generation: https://decoder.link/csr_
19:06 David: Great. Thanks, Marina.
19:06 Marina: Keep in mind that it is necessary to copy the private key and save it separately as a text document on your computer after the CSR code is generated.
19:06 Marina: A private key is required for the installation process after the certificate is issued. You can check how the private key looks like here: https://namecheap.simplekb.
19:08 Marina Golovko: If you wish, I can send detailed instructions on how to enable an SSL certificate on the email you entered the chat with so you can follow the steps.
19:08 David: Hi, I noticed that I do not have an organization as this is a personal website.
19:08 David: What should I fill for the organization?
19:10 Marina: You may use "NA" as an organization name in case you have a personal website.
19:11 David: Great! Thanks.
19:11 Marina: You are always welcome!
19:13 David: in the online tool for a domain name, do I need to enter www.tcmthinks.com or just tcmthinks.com
19:16 Marina: It depends on the domain name you would like to use. However, in case you choose our single-domain certificate, it will protect both - bare domain and its www version so you can choose any preferable variant.
19:17 David: I see. Thanks. Yes, I am using a single domain certificate. It is the first time I do this.
19:20 Marina: My pleasure.
19:20 David: I have generated the CSR.
19:21 Marina: Great! As you already have an account with us, could you let me know the username and the support PIN of it?
19:21 Marina: The support PIN can be found here: https://ap.www.namecheap.com/
The username can be found here: https://ap.www.namecheap.com/
19:22 David: yes, my user name is something2021. my pin 1234
19:23 Marina: Thank you for the details!
19:24 Marina: As you are planning to secure only one website at the moment and do not have a registered company yet, I suggest you our PositiveSSL certificate. Here it is: https://www.namecheap.com/
19:24 Marina: After the SSL is purchased, we can start its activation.
19:25 David: Perfect. I am ordering it now.
19:25 Marina: Take your time.
19:28 David: I have ordered and paid.
19:29 David: Now should I convert it to a pfx file for my portal website?
19:30 Marina: At first, it is necessary to activate the certificate and validate it to get the SSL files for installation.
19:31 Marina: To start the activation process, please follow these steps: Log in to your Namecheap account > “Product List” section on the left navigation bar > "SSL certificates" > click "Activate", which is located next to your new certificate.
19:31 Marina: It will be necessary to use a generated CSR code, choose server type, choose one of the preferable domain control validation(DCV) types (Email validation, HTTP-based validation, or DNS-based validation), specify the email address where you would like your SSL certificate sent, review the information and click the "Submit" button.
19:33 Marina: More detailed about the SSL activation process can be found here: https://www.namecheap.com/
19:33 David: I have put in the CSR code submitted. It recognized my domain correctly.
19:35 Marina: Great! Feel free to proceed with the SSL activation further.
19:40 Marina: If you have any difficulties with the process, just let me know.
19:41 David: I am having a problem with the validation. I can not use email or the HTTP method. SO I am trying to create a CNAME
19:42 David: I have access to add a new CNAME on my registry, which is google domain.
19:43 David: I do not know what cname should be added.
19:43 Marina: Sure, you can use a DNS-based method. The values for the CNAME record will be available in your Namecheap account in the certificate details after the certificate is activated and pending DNS-based validation.
19:44 Marina: I will provide you with the steps on how to find them once the SSL activation is finished.
19:45 David: Perfect. I have finished the steps. It is now pending.
19:46 Marina: Thank you for the update! Details for a CNAME record for DNS-based validation can be found by following these steps: Log in your Namecheap account > “Product List” section on the left navigation bar > "SSL certificates" > "Details" button > click on "get CNAME record here" > Choose "Get Record" from the drop-down menu near "EDIT METHODS".
19:46 Marina: Please keep in mind that the "Host" part of the value for the record will be shown along with the domain name. Our system adds the domain name to all the host records automatically, so the domain name should not be entered when creating the CNAME.
19:46 David: Sorry, somehow I noticed the server type is not correct. It should be IIS. Can I change it?
19:47 Marina: As I can see, a server type is chosen as IIS at the moment. No need to worry, you will get certificate files in both formats for the SSL installation on the required server.
19:50 David: So what I should do now?
19:52 Marina: It is necessary to complete a DNS-based validation to get the certificate files for the installation. Please create a CNAME record in the DNS settings of your domain with the following details:
Record Type: CNAME
Host (Alias, name): _
Target (Destination, CNAME): 01AAAAAAAAAAAA41C026AB648C9DB
19:54 David: Done
19:55 Marina: Thank you for the performed actions!
19:55 Marina: I am glad to inform you that the certificate is validated and issued. The certificate files have been sent to your email address. You can also download them from your Namecheap account: "Product list" tab > "SSL certificates" > Click on the "Download" button next to your certificate.
19:55 David: Thank you!
19:56 Marina Golovko: In case to get a PFX file for the installation on the IIS server, you may use either .crt and .ca-bundle files or .p7b file from the downloaded file. To convert your files to PFX, you can follow this link https://decoder.link/
- if you use .crt and .ca-bundle files, please choose the PEM to PKCS#12 option
- if you use .p7b file, please choose the PKCS#7 to PKCS#12 option
20:00 Marina: As I can see, www.tcmthinks.com is using Azure as a hosting server. if that is correct, you can follow this guide for the SSL installation: https://www.namecheap.com/
20:00 David: Yes, it is using azure. I am not able to convert.
20:01 Marina: Please let me know the issue you faced.
20:01 David: I am in the converter tool and have put the .cer file and private key. The tool said converted successfully. I downloaded the zip file but it is only 1Kb.
20:02 David: and the zip file can not be opened.
20:02 David: On the screen, I do not know what is the bundle file, so I left it empty.
20:04 Marina: Thank you for letting me know.
20:06 Marina: You may go to this tool https://decoder.link/converter , choose the PKCS#7 to PKCS#12 tab there, upload a .p7b file from the certificate files which are downloaded from email or from your Namecheap account, upload a private key saved after the CSR generation and click on the "Convert".
20:07 Marina: Please leave the "Password" empty.
20:10 David: THis time it worked. I got the pfx file.
20:10 David: Thanks a lot. I am installing it on my portal now.
20:11 Marina: You are welcome! I am glad to hear that it works.
20:14 David: While install, I was asked for a password for the pfx file. I do not think I put a password for the pfx file though.
20:15 David: The password provided for this certificate is incorrect. Please provide the correct password and try again.
20:16 Marina: It is optional, if you have not added a password during the converting, you can leave it empty.
20:16 David: However, it is a required field. I think I may need to recreate the pfx file with a password.
20:18 Marina: You may try to convert your files into PFX once more using a password and mention it during the SSL installation.
20:21 David: The installation is successful. However, the site is still not secure.
20:21 David: Maybe just need some time?
20:22 Marina: Just a few minutes, I will check the installation.
20:22 David: the SSL expiration date is 1/8/2022, which seems correct.
20:25 Marina Golovko: May I know if you completed the binding steps as well?
20:28 David: You are right. I forgot this step. After binding, the site becomes secure.
20:29 David: Thank you so much for all your patient help. Really appreciated.
20:30 Marina: Great! I am glad to hear that all is set up correctly.
20:31 Marina: I can see that the SSL is installed correctly, you can check it here: https://decoder.link/
20:31 Marina: The HTTPS redirect is enabled, the website is shown as secured from my side.
20:31 Marina: Is there anything else I can help you with at the moment?
20:32 David: Great! Interesting to see all the details of the SSL.
20:32 David: Everything is perfect. That's all for today. Wish you have a good weekend.
20:33 Marina: I was glad to help you today! If you have a moment, you can help us to improve the quality of service by leaving the feedback here: https://nps.namecheap.com/u/
20:33 Marina: By the way, if you are satisfied with the assistance provided today, you can also send your feedback about it to feedback@namecheap.com mentioning my name (Marina).
20:33 Marina Golovko: Stay safe and have a wonderful day!
20:36 David: I submitted the feedback. Great help and thanks again. Bye now!
20:37 Marina: Thank you! Goodbye.
Comments
Post a Comment