Skip to main content
Dynamics 365

Renew Dynamics 365 for Finance and Operations Certificate on Dev Machine

This was a internal request from support team to quickly fix the certificate expire issue. I would like to post it here in case you need it. Please note this should only apply to your Dev VHD, and strongly recommand you create a checkpoint before proceed.


You will get error 503 when trying to access local URL

Check in Computer Certificates, you will see Certifcates started  with DeploymentsOnebox expired.


One script for all steps(renew certificate,grant permission, replace in config, reset iis and batch)

Function Update-Thumberprint


    Set-Location -Path “cert:\LocalMachine\My”

    $oldCerts = Get-childitem | where { $_.subject -match “DeploymentsOnebox” -or $_.Subject -match “MicrosoftDynamicsAXDSCEncryptionCert”}

    $ConfigFiles =







    foreach ($oldCert in $oldCerts)


        $newCert = New-SelfSignedCertificate -CloneCert $oldCert

        #consider to delete the old cert

        $keyPath = Join-Path -Path $env:ProgramData -ChildPath “\Microsoft\Crypto\RSA\MachineKeys”

        $keyName = $newCert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName

        $keyFullPath = Join-Path -Path $keyPath -ChildPath $keyName

        $aclByKey = (Get-Item $keyFullPath).GetAccessControl(‘Access’)

        $permission = “EveryOne”,“Read”, “Allow”

        $accessRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $permission


        Set-Acl -Path $keyFullPath -AclObject $aclByKey -ErrorAction Stop

        foreach($configFile in $ConfigFiles)


            (Get-Content -Path $configFile).Replace($oldCert.Thumbprint,$newCert.Thumbprint) | Set-Content $configFile






Restart-Service “DynamicsAxBatch”

Please copy all the script and run in powershell via administrator previligge.

Each time you run this script, it will create a new set of certificates. So do not repeat it.

Hope it helps.