Renew or Replace an SSL Certificate in Dynamics CRM

Error Message:
“Exchange Online Security Certificate Expiration Please update your certificate or Exchange Online integration will stop functioning in $count days.”

Resolution (steps):

1. Apply the new cert on the ADFS server
a. Obtain new cert and place it into C:\certs directory
b. Install new cert to local machine certificates store using MMC: Run certlm.msc > Personal > right-click Certificates > All Tasks > Import > Next > Browse > navigate to C:\certs > select the new cert > Open > Next > Next > OK > OK
c. Set cert access permissions: Run certlm.msc > Personal > Certificates > right-click new cert > All Tasks > Manage Private Keys > Add > search and select appropriate service accounts (‘AppPool user account’: READ, ‘ADFS service user account’: FULL) > OK > put a check mark next to appropriate permissions for each account > OK > OK
d. Make a backup of the old cert ***
e. Remove old cert from local machine certificates store using MMC: Run certlm.msc > Personal > Certificates > right-click on the old cert > Delete > Yes ***
f. Set Cert using AD FS Management Console:
– Run %windir%\ADFS\Microsoft.IdentityServer.msc: AD FS > Service > right-click Certificates > Set Service Communications Certificate > select the newly imported Cert > OK
– AD FS > Trust Relationship > Relying Party Trusts > right-click CRM Claims Relying Party > Update from Federation Metadata

2. Apply the new cert on Dynamics CRM Server’s IIS
a. Obtain new cert and place it into C:\certs directory
b. Remove old cert from local machine certificates store using MMC: Run certlm.msc > Personal > Certificates > right-click on the old cert > Delete > Yes
c. Install new cert to local machine certificates store using MMC: Run certlm.msc > Personal > right-click Certificates > All Tasks > Import > Next > Browse > navigate to C:\certs > select the new cert > Open > Next > Next > OK > OK
d. Set cert access permissions: Run certlm.msc > Personal > Certificates > right-click new cert > All Tasks > Manage Private Keys > Add > search and select appropriate service accounts (‘AppPool user account’: READ, ‘ADFS service user account’: FULL) > OK > put a check mark next to appropriate permissions for each account > OK > OK
e. Apply new cert toward IIS: Run inetmgr.exe > Sites > Microsoft Dynamics CRM > click on Bindings on the right side panel > select https > Edit > click Select > highlight the newly imported cert > OK > OK > Close
f. Reset IIS: run iisreset

3. Apply new cert within CRM using Deployment Manager
a. Run “%PROGRAMFILES%\Microsoft Dynamics CRM\tools\Microsoft.Crm.DeploymentManager.exe” > Configure Claims-Based Authentication > Next > Next > Select > highlight the new Cert > OK > Next > Next > OK
b. Reset IIS: run iisreset

4. Run this script…
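
An added example, not part of the original page and not the script that step 4 refers to: a PowerShell check to run elevated on each server after steps 1 to 3. It confirms that the new certificate is in the local machine store with a private key, shows what access the service accounts have to that key, and checks that AD FS and the IIS https binding point at the new thumbprint. The script name and account names are placeholders, and the private-key file lookup assumes an RSA key.

```powershell
# Added example (not from the original page). Run elevated on the AD FS and CRM servers:
#   .\Test-RenewedCert.ps1 -Thumbprint <new cert thumbprint> -ExpectedAccounts 'DOMAIN\svc-adfs','DOMAIN\svc-crmapp'
# Script name and account names are placeholders.
param(
    [Parameter(Mandatory)] [string] $Thumbprint,
    [string[]] $ExpectedAccounts = @(),
    [string]   $SiteName = 'Microsoft Dynamics CRM'   # IIS site named in step 2e
)

# Thumbprints copied from the MMC dialog often carry spaces or invisible characters.
$Thumbprint = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
$now  = Get-Date

$results = [ordered]@{
    Subject       = $cert.Subject
    NotAfter      = $cert.NotAfter
    ValidNow      = ($cert.NotBefore -le $now) -and ($cert.NotAfter -gt $now)
    HasPrivateKey = $cert.HasPrivateKey
}

# Steps 1c / 2d: read the ACL on the private-key file (assumes an RSA key).
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($rsa) {
    $keyName = if ($rsa -is [System.Security.Cryptography.RSACng]) { $rsa.Key.UniqueName } else { $rsa.CspKeyContainerInfo.UniqueKeyContainerName }
    $keyDirs = "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys", "$env:ProgramData\Microsoft\Crypto\Keys"
    $keyFile = Get-ChildItem -Path $keyDirs -Filter $keyName -Force -ErrorAction SilentlyContinue |
               Select-Object -First 1
    $acl = if ($keyFile) { (Get-Acl -Path $keyFile.FullName).Access } else { @() }
    foreach ($acct in $ExpectedAccounts) {
        $ace = $acl | Where-Object { $_.IdentityReference.Value -eq $acct -and $_.AccessControlType -eq 'Allow' }
        $results["KeyAccess $acct"] = if ($ace) { $ace.FileSystemRights -join ', ' } else { 'MISSING' }
    }
}

# Step 1f: on the AD FS server, the Service Communications certificate should be the new one.
if (Get-Command Get-AdfsCertificate -ErrorAction SilentlyContinue) {
    $svc = Get-AdfsCertificate -CertificateType Service-Communications
    $results['AdfsServiceCommunications'] = @($svc.Thumbprint) -contains $Thumbprint
}

# Step 2e: on the CRM server, the https binding of the site should carry the new thumbprint.
if (Get-Module -ListAvailable -Name WebAdministration) {
    Import-Module WebAdministration
    $bound = @((Get-WebBinding -Name $SiteName -Protocol https).certificateHash)
    $results['IisHttpsBinding'] = $bound -contains $Thumbprint
}

[pscustomobject]$results | Format-List
```

Compare the reported key access with the permissions from steps 1c and 2d (READ for the AppPool account, FULL for the ADFS service account); a `MISSING` entry or a `False` binding check means the corresponding step did not take effect on that server.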
