Connecting to Third-Party Services: Handling SSL/TLS Certificate Validation in X++ and Ignoring Certificate Issues



In the world of software development, securely connecting to third-party services is a crucial aspect. However, there are times when you may encounter SSL/TLS certificate validation issues while connecting to these services. If you are working with X++ in Microsoft Dynamics 365 Finance and Operations (D365FO), you might have come across the "The remote certificate is invalid according to the validation procedure. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel" error. There are a number of reasons why this error could be issued. For us, there was no valid certificate set up.


In this blog post, we will explore how to handle this certificate validation issue in X++, allowing you to connect to the third-party service successfully. 

Understanding the Certificate Validation Issue
When making web requests in X++ to a service secured with SSL/TLS, the underlying .NET framework performs certificate validation to ensure a secure connection. If the certificate of the remote service cannot be verified or does not meet the validation criteria, the above error is thrown, preventing the connection. 
Ignoring the Certificate Issue in .NET
In .NET, there is a simple way to ignore certificate validation errors: the `ServicePointManager.ServerCertificateValidationCallback` delegate. This approach is not recommended for production scenarios, as it compromises the security of your application. However, it can be useful during development or testing when dealing with self-signed certificates or other temporary situations.

ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true; 

Translating the Solution to X++
In X++, achieving a similar result requires a bit more effort compared to .NET. Here's the code to bypass certificate validation in X++. There are two snippets - for the web request method and the delegate class.

Web request:

Delegate handler:


Explanation
In the above code, we access the `ServerCertificateValidationCallback` object for the current web request and set it to bypass SSL certificate validation by calling the `serverCertificateValidationCallBack` method in the `ramax_CertificateDelegateHandler` class, which returns true. This allows the X++ application to proceed with the connection despite any certificate validation errors.
Please Note
  1. Using this approach should be limited to non-production environments and temporary situations. In a production environment, always ensure that certificate validation is enforced to maintain the highest level of security. We only used this approach while our client set up a valid certificate on their server and we were in the development phase. This code was never applied to Tier 2 or above environments.
  2. Ignoring certificate validation errors might expose your application to potential security risks, so use this method judiciously and only when absolutely necessary.
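A narrower alternative to a callback that always returns true, shown in C# as an added example (it is not the original post's code): the callback is attached per request, only for one development host, and it accepts only one known self-signed certificate. The names `DevCertificatePolicy`, `DevHost` and `PinnedThumbprint` and their values are placeholders assumed for illustration.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

public static class DevCertificatePolicy
{
    // Assumed placeholders: replace with the development host and the SHA-1
    // thumbprint of the certificate that host is known to present.
    private const string DevHost = "dev-service.example.test";
    private const string PinnedThumbprint = "<THUMBPRINT-OF-DEV-CERTIFICATE>";

    // Same signature as the delegate the post discusses, but it fails closed:
    // any case not explicitly allowed below returns false.
    public static bool ValidatePinned(object sender, X509Certificate cert,
                                      X509Chain chain, SslPolicyErrors errors)
    {
        // A certificate that passes normal validation is always accepted.
        if (errors == SslPolicyErrors.None)
            return true;

        // Tolerate only an untrusted chain (the self-signed case). A name
        // mismatch or a missing certificate sets other flags and is rejected.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors || cert == null)
            return false;

        // Accept only the exact certificate agreed on out of band.
        string actual = cert.GetCertHashString(); // SHA-1 hash as a hex string
        return string.Equals(actual, PinnedThumbprint,
                             StringComparison.OrdinalIgnoreCase);
    }

    public static HttpWebRequest CreateRequest(string url)
    {
        var request = (HttpWebRequest)WebRequest.Create(url);

        // Per-request property (.NET Framework 4.5 and later): unlike the
        // ServicePointManager hook, other HTTPS calls in the process keep
        // default validation. Attach it only for the development host.
        if (string.Equals(request.RequestUri.Host, DevHost,
                          StringComparison.OrdinalIgnoreCase))
        {
            request.ServerCertificateValidationCallback = ValidatePinned;
        }
        return request;
    }
}
```

If this code is deployed by mistake, requests to any other host still get full validation, and the development host is trusted only while it presents the pinned certificate.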
Handling SSL/TLS certificate validation issues is an essential part of secure web communication. While .NET provides a simple way to ignore certificate validation errors during development, X++ in D365FO requires a different approach. By using the provided code snippet, you can bypass certificate validation in X++ and establish connections to third-party services in specific scenarios. However, remember to revert to proper certificate validation before deploying your application to production to ensure data security and integrity. Always prioritize security when connecting to external services, and use this workaround with caution and discretion.

Happy coding!



