Independent software vendor (ISV) licensing

This article describes the independent software vendor (ISV) licensing characteristic. It includes data about benefits and capabilities of the ISV licensing feature, and explains how to enable licensing for an ISV solution, create a package and generate a client-specific license, and create self-signed certificates for exam purposes.

The Microsoft Dynamics ecosystem provides tools and frameworks that let independent software vendors (ISVs) build, deploy, sell, and therefore monetize vertical industry solutions that tin can be repackaged. The ISV licensing characteristic provides the following benefits:

  • It provides a safer licensing mechanism for ISV solutions for customers and partners. ISV solutions are enabled only if the customer has purchased a valid license key from the ISV.
  • It aligns how customers handle licenses for ISV solutions from different ISVs, and therefore lowers the total price of ownership (TCO).
  • ISVs tin can independently generate, manage, and distribute ISV licenses past using industry standard frameworks.

This feature doesn’t enable ISV competitor copycat protection (that is, source-based protection).


This section describes various capabilities of the ISV licensing feature.

ISVs tin generate their own licenses

ISVs can independently generate their ain licenses, apply them to solutions, and deliver those solutions to partners and customers. Each ISV license enables run-fourth dimension features that help protect the ISV solution. Additionally, each ISV license is tied to an ISV Authenticode certificate, which ensures that the software was distributed by the ISV.

A run-time cheque makes sure that an ISV-generated license key exists in the client’s environment

Each ISV solution that is tied to a license runs simply when a valid license fundamental exists in the customer’s environment. Therefore, if an ISV ties its solution to a license, but the client doesn’t have a valid license central, the solution doesn’t run.

In that location are ii types of license: Boolean and Number

ISVs can create two types of license:
Number. ISVs can associate an expiration date with either type of license. This expiration date is applied only to the ISV licenses and is contained of the system expiration date. A Boolean license is a unproblematic activation license. The type of license (Boolean
Number) is set through a property in the license code node. ISVs can write their own custom logic to bank check the count that is provided in the ISV license, to brand sure that their solutions are being used within the license terms. For more than information, see Licensing Framework for ISVs.

License validation errors

When an ISV license becomes invalid afterwards import, the ISV solution continues to run until the server is restarted. (After the server is restarted, the solution is disabled.) An mistake is thrown when the example of the Awarding Object Server (AOS) starts. The error is written to the upshot log.

Implementing ISV licensing in a solution

ISVs must have a valid Authenticode certificate (X.509) from a certificate say-so (CA). Microsoft doesn’t recommend any particular CA. Withal, many companies offering these certificates. Authenticode certificates come in various key sizes. The ISV licensing feature supports certificates of both 1024-bit and 2048-bit key sizes. 3072-bit and 4096-chip code signing certificates are supported kickoff with platform updates for version 10.0.20. We recommend that ISVs use the larger bit fundamental size because it provides stronger encryption. Nevertheless, if an ISV already has a valid 1024-scrap or 2048-fleck fundamental size, that primal size works with the ISV licensing feature.

Certificate import and export

The certificate is used to sign your customer license files and validate the license files at the time of import. Authenticode certificates back up 4 file formats. For the ISV licensing feature, you lot must have the certificate files in two formats:

  • Personal Data Exchange (PFX, also known equally PKCS #12)
    – The PKCS #12 format, which uses the .pfx file proper noun extension, supports secure storage of certificates, individual keys, and all certificates in a certification path. The PKCS #12 format is the only file format that can be used to consign a certificate and its private key.
  • Base64-encoded 10.509
    – The Base64 format supports storage of a single certificate. This format doesn’t support storage of the private cardinal or certification path.

There is a restriction on the format. The PFX (PKCS #12) format should be used only to export the certificate together with its private key for signing/generating purposes. Information technology should never be shared outside the ISV organisation. The DER-encoded binary Ten.509 format, which uses the .cer file proper noun extension, should be used to export the public key of the certificate that must exist embedded in the Awarding Object Tree (AOT) License. This public key is distributed to customers via the model. It’s used when a license is imported, to make sure that the license is signed by the ISV license that owns the private fundamental.

Enable licensing for your ISV solution

Follow these steps to enable licensing for your solution.

  1. Create an ISV solution. In Visual Studio, click
    File > New projection. In the
    New Project
    dialog, click
    Installed > Templates > Dynamics 365. Create a
    Finance Operations
    project. In this example, we named the projection

  2. Add the certificate’due south public key (.cer file) to your project equally a resource. To create a certificate for testing, run into Appendix: Create self-signed certificates for test purposes.

    1. Right-click the projection in Solution Explorer, then click
      Add > New item.

    2. Nether
      Installed > Dynamics 365 Items, click
      Labels And Resources, and and so select
      Resource. Name the resource. In this example, we named the resources

      Clicking Resource.

    3. Click
      and select the document’s public key file (.cer file).

      Selecting the certificate's public key as the resource.

    4. Click
      to add together the certificate.

      Adding the certificate as a resource.

  3. Create a license code. Right-click the project in Solution Explorer, then click
    Add > New item. Nether
    Installed > Dynamics 365 Items, cull
    Configuration. In the list, choose
    License Lawmaking
    and name the license lawmaking. In this example, we named the license code
    ISVLicenseCode. Click

    Creating a license code.

  4. Map the document to the license code. In the Properties window for the license lawmaking, ready the
    property to your certificate resource. In this example, we fix

    Mapping the certificate to the license code.

  5. Create one or more configuration keys. Correct-click the project in Solution Explorer, then click
    Add > New item. Under
    Installed > Dynamics 365 Items, cull
    Configuration. In the list, choose
    Configuration Key. Name the fundamental and click
    Add together. In this example, we named the configuration key

    Creating a configuration key.

  6. Associate the license code with the configuration central. In Solution Explorer, double-click the configuration cardinal to open the Properties window. In the Properties window, set the
    belongings to your license code. In this case, we set the

    [Associating the license code with the configuration keys.

  7. Acquaintance a configuration key to an element in your solution. For example, create a new form. Correct-click the project in Solution Explorer, and then click
    Add > New item. Under
    Installed > Dynamics 365 Items, choose
    User Interface. In the list, choose
    and requite it a name. In this case, we named the form

    Creating a new form.

  8. Add a button to the class. Double-click the class in the Solution Explorer. In the Design window, right-click and select
    New, and then
    Push button. Fix the
    property to

    Adding a button to the new form.

    At runtime, the push is visible considering it isn’t controlled past a configuration central at first.

    New button is visible when it's first added.

  9. Acquaintance a configuration primal with the push button. In the Properties window for the button, gear up the
    Configuration Key
    holding to your configuration. In this example, we set the
    Configuration Key

    Associating a configuration key with the button.

    At runtime, the button is not visible considering the configuration fundamental must exist available and enabled.

    Button is no longer visible.

Baca juga:  Binary Options System That Works

Create a package and generate a customer-specific license

  1. Collect the tenant proper name and ID for the customer to effect the license to. You tin can find this information at
    Settings > Help & Support > Nearly
    on the

    Customer's tenant name and ID.

  2. Generate a license for the customer (tenant ID and name), and sign the license by using the certificate’south private key. Yous must pass the following parameters to the
    axutil genlicense
    control to create the license file.

    Parameter name Description
    file The name of your license file.
    licensecode The name of your license code (from Microsoft Visual Studio).
    certificatepath The path of your certificate’s individual primal.
    password The countersign for your document’s private key.
    customer The customer’s tenant name (from the screenshot nether step 1).
    serialnumber The client’south tenant ID (labeled “Serial number” in the screenshot).
    expirationdate Optional: The expiration appointment for the license.
    usercount Optional: The number that custom validation logic can use as required. This could be users, but is non limited to users.

    Here is an example.

                    C:\AOSService\PackagesLocalDirectory\Bin\axutil genlicense /file:c:\templicense.txt /certificatepath:c:\tempisvcert.pfx /licensecode:ISVLicenseCode / /serialnumber:4dbfcf74-c5a6-4727-b638-d56e51d1f381 /password:********
  3. Import the license into the target environment.


    In production systems, yous consummate this step from Microsoft Dynamics Lifecycle Services (LCS), by using a deployable package. For more information, see the “Production environments” section subsequently in this commodity.

    Parameter name Clarification
    –setupmode importlicensefile Use this parameter to inform the setup tool that a license will exist loaded.
    –metadatadir Use this parameter to specify the metadata directory. You should utilise the default packages directory.
    –bindir Use this parameter to specify the binaries directory. You lot should utilize the default packages directory.
    –sqlserver Apply this parameter to specify the Microsoft SQL Server. For one-box environment, utilize a period (.).
    –sqldatabase Employ this parameter to specify the SQL Server database. For one-box environments, use
    –sqluser Use this parameter to specify the SQL Server user. You should apply
    –sqlpwd Utilize this parameter to specify the SQL Server countersign.
    –licensefilename Use this parameter to specify the license file that will exist loaded.

    Hither is an example.

                    C:\AOSService\PackagesLocalDirectory\Bin\Microsoft.Dynamics.AX.Deployment.Setup.exe --setupmode importlicensefile --metadatadir c:\packages --bindir c:\packages --sqlserver . --sqldatabase axdb --sqluser axdbadmin --sqlpwd ******** --licensefilename c:\templicense.txt
  4. The corresponding configuration primal will exist available and enabled on the
    License configuration
    folio. By default, the configuration is enabled. For example, run across the
    configuration cardinal in the post-obit screenshot.

    ISVConfigurationKey1 configuration key enabled on the License configuration page.

  5. In not-production installations, you must start the database synchronization procedure from Visual Studio.

Afterward the configuration fundamental is enabled, the button becomes visible, as shown in the following screenshot.

Baca juga:  How To Trade Binary Options On Etrade

Button is visible after the configuration key is enabled.

Protection best practices

Solutions can be delivered in two forms:

  • Model files (source code)
  • Deployable packages (binary)

To protect your configuration keys and license codes, we recommend that you release them in binary form, by using a deployable package. Customers will so be able to install and interact with those elements in Visual Studio. Although customers will be able to refer to items in the deployable packet, they won’t be able to admission source code or make modifications to the items. (However, they can create extensions.) More details virtually the capability to release solutions in binary form will be bachelor soon. The deployable packet (binary) can also include classes and other logic that your customer doesn’t crave admission to and should not be able to customize.

Protected vs. unprotected ISV solutions.

Production environments

To install ISV licenses in production systems, you must use a deployable package through LCS. Y’all tin can find a template packet for configuration mode at the following location in all installations: <PackagesFolder>\bin\CustomDeployablePackage\ImportISVLicense.nothing (Packages folder is typically under j:\AOSService\PackagesLocalDirectory or c:\AOSService\PackagesLocalDirectory\)

Location of the template package for configuration mode.

  1. Make a copy of the package template.
  2. Put the license file in the following binder within the parcel template:\AosService\Scripts\License

More than one license can exist installed at a time. If i of the licenses depends on another, make sure that it’s named accordingly. (Licenses are installed in alphabetical order.)

Appendix: Create self-signed certificates for examination purposes


Self-signed certificates can be used simply during development. They aren’t supported in production environments.

For Platform update 34 and earlier: (Deprecated – uses SHA1 hash algorithm for license creation)

  1. For test purposes, create a self-signed CA certificate. Use the Visual Studio tools prompt to run the post-obit command.

                    makecert -r -pe -n "CN=IsvCertTestAuthority O=IsvCertTestAuthority" -ss CA -sr LocalMachine -a sha256 -len 2048 -cy dominance -sky signature -b 01/01/2016 -sv c:\temp\CA.pvk c:\temp\CA.cer

    For more information, see the MakeCert documentation.

  2. Create a certificate by using the CA.

                    makecert -pe -northward "CN=IsvCertTest O=IsvCertTest" -ss ISVStore -sr LocalMachine -a sha256 -len 2048 -cy terminate -sky signature -eku 1.iii. -ic c:\temp\ca.cer -4 c:\temp\ca.pvk -b **/**/**** -sv c:\temp\isvcert.pvk c:\temp\isvcert.cer
  3. Convert the ISV certificate to PFX format.

                    pvk2pfx -pvk c:\temp\isvcert.pvk -spc c:\temp\isvcert.cer -pfx c:\temp\isvcert.pfx -po ********
  4. For a test scenario, import the self-signed CA certificate manually on all the AOS instances.

                    certutil -addstore root c:\temp\ca.cer

    Even so, if a self-signed ISV document was used, that certificate must exist imported instead of the CA certificate.

                    certutil -addstore root c:\temp\isvcert.cer

For Platform update 35 and later: (Uses SHA256 hash algorithm for license creation)

  1. For exam purposes, create a cocky-signed certificate using the PowerShell control

    1. Create the certificate. (Note: arrange start and end dates accordingly.)

                          $cert = New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "IsvCert" -Type CodeSigningCert -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -KeySpec Signature -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -NotBefore (Get-Date -Year 2020 -Month 1 -Solar day 1) -NotAfter (Go-Date -Year 2022 -Month 12 -Day 31)
    2. Go a reference to the new certificate.

                          [Cord]$certPath = Bring together-Path -Path "cert:\LocalMachine\My\" -ChildPath "$($cert.Thumbprint)"
    3. Create the secure string password that the certificate uses. (Supplant “##############” with the document password)

                          [System.Security.SecureString]$certPassword = ConvertTo-SecureString -String "##############" -Strength -AsPlainText
    4. Consign the certificate private key every bit
      file using the password.

                          Export-PfxCertificate -Cert $certPath -FilePath "C:\Temp\IsvCert.pfx" -Password $certPassword
    5. Consign the certificate public key as a

                          Consign-Certificate -Cert $certPath -FilePath "C:\Temp\IsvCert.cer"
  2. Add the document to the root store.

                    certutil -addstore root C:\Temp\IsvCert.cer