

If you are using an Internet Facing Deployment for your CRM there is always that time every 1, 3, or X years where you receive the message to renew your SSL Certificate.

With ADFS 3.0 no longer dependent on IIS like its previous versions were, the process changes a little bit. It is not very difficult to do but it took me a little research to piece together all the steps in the right order. I wanted to share this information so that the process goes as smoothly as possible and you aren’t stuck with your environment being down as you scramble to figure out how to get the CRM and ADFS applications working together again.

You will first want to remove the old certificate from the ADFS and CRM servers. If the certificate is not removed then this will cause problems later down the line.

Install Certificate on the ADFS server

Add the new certificate to the ADFS server and import it into the Computer’s Personal Store. Make sure you have the private key that goes with the certificate. To access the console open MMC, open the File menu, and select Add/Remove Snap-ins. In the pop up window select Computer account and on the next screen select Local computer and finish. Click OK to access the Certificates console. To add the certificate expand the Certificates (Local Computer) and Personal folders. Right click on the Certificates folder and select All Tasks then Import. You will also need to add permissions to the Private Key. The ADFS Service account will need “Full” permissions and the CRM App Pool account will require at least “Read” permissions. To add permissions right click on the certificate you just imported and select All Tasks then Manage Private Keys. From here you can add the two accounts and their permissions.

On the CRM server add the new certificate and import it into the Computer’s Personal Store just as you did on the ADFS server. When adding permissions to the Certificate only the CRM App Pool account will be needed. Next, bind the new certificate to https in IIS. When you open IIS, right click the Microsoft Dynamics CRM website and select Edit Bindings. On the pop up select HTTPS and click Edit. Here you can select the new SSL certificate and click OK to complete it. You will need to perform an IIS reset from the CMD line.

Going back to the ADFS server you will need to update the Service Communication certificate in ADFS Management. Open ADFS Management and expand the Service and Certificates folders. In the right hand console panel select Set Service Communications Certificate. A pop up should come up with the new certificate to select and click OK. You will need to set the ADFS SSL Certificate in PowerShell with the certificate’s thumbprint. To obtain the thumbprint right click the certificate in ADFS management and select View Certificate. On the Certificate window open the Details tab and scroll down to locate the Thumbprint.
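The PowerShell step that sets the ADFS SSL certificate from its thumbprint, as an added example that is not part of the original post: it cleans up a thumbprint pasted from the Details tab, confirms the certificate is in the computer's Personal store with its private key and within its validity period, and only then calls `Set-AdfsSslCertificate`. The parameter name `PastedThumbprint` and the restart of the `adfssrv` service are assumptions of this example.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the ADFS 3.0 server, after the certificate has been imported.
param(
    # Thumbprint exactly as pasted from the certificate's Details tab.
    [Parameter(Mandatory = $true)]
    [string]$PastedThumbprint
)

# Text copied from the Details tab usually contains spaces and can carry an
# invisible leading character; keep only the hexadecimal digits.
$thumbprint = ($PastedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($thumbprint.Length -ne 40) {
    throw "Expected 40 hex characters (SHA-1 thumbprint), got $($thumbprint.Length)."
}

# The certificate must already be in the computer's Personal store.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumbprint }
if (-not $cert) {
    throw "No certificate with thumbprint $thumbprint in Cert:\LocalMachine\My."
}
if (-not $cert.HasPrivateKey) {
    throw "Certificate was imported without its private key."
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is not valid now ($($cert.NotBefore) to $($cert.NotAfter))."
}

# Show the bindings before the change so the old thumbprint is on record.
Get-AdfsSslCertificate | Format-Table HostName, PortNumber, CertificateHash

Set-AdfsSslCertificate -Thumbprint $thumbprint

# Restarting the ADFS service is an assumption of this example; the post does not state it.
Restart-Service -Name adfssrv

# Every binding should now report the new thumbprint.
$stale = Get-AdfsSslCertificate | Where-Object { $_.CertificateHash -ne $thumbprint }
if ($stale) {
    $stale | Format-Table HostName, PortNumber, CertificateHash
    throw "Some ADFS SSL bindings still use a different certificate."
}
"ADFS SSL certificate set to $thumbprint"
```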
