Instructions for updating the SSL Certificate used by CRM 2011 (Claims based and/or IFD environments)


One of my customers had to update their SSL certificate used by their CRM 2011 IFD environment. Below are the steps we took to apply the new SSL certificate –

1)      Add the new certificate to the ADFS server

  1. Import the new certificate to the ADFS server
  2. Grant the ADFS App Pool account “Full” permission to the new certificate
  3. Also grant the CRM App Pool account “Read” permission to the new certificate
  4. Bind the new certificate to the ADFS website

 

2)      Add the new certificate to the CRM Server

  1. Import the new certificate to the CRM server
  2. Grant the CRM App Pool account “Read” permission to the new certificate
  3. Bind the new certificate to the CRM website

 

3)      Reconfigure Claims Based Authentication in Deployment Manager on the CRM Server to use the new certificate.

 

4)      On the ADFS server, update all the Relying Party Trusts used by CRM.

 

5)      Perform and IIS Reset on the ADFS and CRM servers.

 

NOTE: It might help to delete/remove and un-bind the old certificate from the ADFS and CRM Servers as well.

 

Comments (8)

  1. Hi,

    thank you for this information.

    Is there any best practice for IFD and claims-based authentication with ADFS 2.0.

    There are alot of blogs which describe how-to.

    Which one would you recommend?

    Thank you!

  2. Clarise says:

    Oh Nice!!! Thanks For the Information.

  3. Julian Sharp says:

    Thanks. I had this back in May last year and ended up cleared ADFS down and starting again to get CRM to work with my updated SSL certificate

  4. What do you do about granting the CRM AppPool permission to the new certificate when ADFS is on another server?

  5. pola says:

    DO i need to remove old ssl before renew on CRM

  6. JustinZ says:

    It works perfectly on MS CRM 2015.
    Thank you!

Skip to main content