You can use service certificates to help secure RoleTailored client connections over a wide area network (WAN). Microsoft Dynamics NAV 2016 can support the following configurations:

This implementation describes the chain trust configuration, which is the more secure option.

In a production environment, you implement chain trust by obtaining X.509 service certificates from a trusted provider. These certificates and their root certification authority (CA) certificates must be installed in the certificates store on the computer that is running Microsoft Dynamics NAV Server. The CA certificate must also be installed in the certificate store on computers that are running the RoleTailored client so that clients can validate the server.

Note
This implementation does not use Secure Sockets Layer (SSL). Although these implementations do use the public and private key infrastructure of SSL and SSL certificates, they use Windows Communication Foundation (WCF) transport-level security (TLS) over the TCP/IP protocol instead of https. This means that these are not strict SSL implementations.