Microsoft CRM IFD SSL Certificate Renewal

Following on from our very popular IFD configuration for Microsoft CRM.

http://www.interactivewebs.com/blog/index.php/server-tips/microsoft-crm-2011-how-to-configure-ifd-hosted-setup/

The time will come around where you need to renew the SSL certificate for your CRM IFD configuration.

This will include the renewal of the SSL certificate as used by IIS and and ADFS. Couple of steps we followed based exactly on the configuration outlined in our above linked blog post.

Generate a new SSL Request.

1. Open IIS Manager and click on server certificates.

image

2. Create certificate request

image

3. Fill in the data:

image Next

4. Change to 2048 Bit

image

5. Give it a name:

image

Finish and you are done.

Now Open the certificate text file and copy the text to your clip board, or use this with your certificate authority to issue you a new Wild Card Certificate. *.interactivewebs.com is what we use.

To get the certificate we use a service called “startssl.com” who allow you to issue certificates like this for 2 years for free once you are validated as a user.

Complete the Certificate Request

Once the new certificate has been issued to you you need to complete the request on IIS.

1. In IIS Manager click on Complete Certificate Request

image

2. Browse to the certificate from your issuer provider and give it a friendly name. We like to use a year in the name to help distinguish from the old one.

image

Finish the import.

Change the certificate used by IIS

1. Expand the two sites on the CRM server and click on Default Website first then Bindings / https

image

Then EDIT

2. Select the new certificate that you just imported and click on OK

image

3. Repeat this process fro the Microsoft Dynamics CRM website

image

selecting the new certificate here and OK.

4. Restart IIS

Set Permissions on SSL Certificate

1.  Click Start, and then click Run.
2.  Type MMC.
3.  On the File menu, click  Add/Remove Snap-in.
4.  In the Available snap-ins list, select Certificates, and then click Add. The Certificates Snap-in Wizard starts.
5.  Select Computer account, and then click Next.
6.  Select Local computer: (the computer this console is running on), and then click Finish.
7.  Click OK.
8.  Expand Console Root\Certificates (Local Computer)\Personal\Certificates.
9.  Right-click Certificates, click All Tasks, and then click Import.

Step 2: Add to the ADFS service account the permissions to access the private key of the new certificate. To do this, follow these steps:

1.  With the local computer certificate store still open, select the certificate that was just imported.
2.  Right-click the certificate, click All Tasks, and then  click Manage Private Keys.
3.  Add the account that is running the ADFS Service, and then give the account at least read permissions. (for us this is the Network Service)

Run the Deployment Manager with new Certificate

1. Run the CRM deployment manager:

image

2. Run the Configure Claims-based Authentication

image

Select the default settings.

image

image

Which should be the default from your IFD setup

But when you get to the Certificate, you need to select the new certificate.

image

image

Which should be visible from the list after importing it in the steps above.

3. Run the Configure Internet Facing Deployment action and just step though it with the default settings.

image

4. Restart the AD FS 2.0 Windows Service

image

Configure AD

Set the Service Communication Certificate

1. Start AD FS 2.0 Management

image

2. Expand certificates and select Set Service Communications Certificate

image

3. Select the new certificate that will be listed here.

image

Update Relying Party Trusts

1. From the AD FS 2.0 Management, Select your replying party trusts and update from the federation metadata one by one.

image

Update both listed. They will likely have a red cross before you do this.

Restart Services

Restart AD FS Service:

image

and restart IIS the usual way.

And you should be done. Login to your CRM IFD again and enjoy.

Please feel free to link to / reference this blog. Comments welcome below.

About InteractiveWebs

This blog is the combined blog work of the InteractiveWebs Dev Team. Together we work on a range of DotNetNuke (DNN) applications, modules, Silverlight, and Microsoft CRM Portal integration products.

Our Business is website design and hosting, with a strong focus on DotNetNuke, Microsoft Dynamics CRM, Silverlight and iPhone iPad development.

Tagged . Bookmark the permalink.

14 Responses to Microsoft CRM IFD SSL Certificate Renewal

  1. Mike says:

    You guys rock! Worked like a charm.

    Thank you.

  2. Really your post is very good and I appreciate it, thank you.

  3. Luis Espitia says:

    Thank you. Works perfectly.
    This article is the best for resolve the problem.

  4. Didier T. says:

    Nice one. One thing that happened to me though : if you leave the old certificate on the CRM server, you’ll get an error when trying to configure claim-based authentication. Just export the expiring certificate with private key (for contingency purpose only) then delete it before configuring claim-based authentication.

    • I did not find that problem. Just configured the new cert for the authentication, the old one remained but was no longer referenced and did not experience the problem you describe.

    • Thankful says:

      Didier T – so pleased you reported this. Took me a while to work out what was happening. Removing the old cert corrected the issue instantly.

  5. sateesh says:

    very useful information
    thanks a lot

  6. lior says:

    Thank you! Just save my day 🙂

  7. This was Awesome! Thanks for putting it together.

Leave a Reply

Your email address will not be published. Required fields are marked *