How to update the SSL Certificate for Microsoft Dynamics 365 / CRM

Microsoft Dynamics 365 Technical Article

Article sections

    Summary: Steps to update an SSL certificate for Microsoft Dynamics 365 / Dynamics CRM
    Article Type: Information / Troubleshooting / Support
    Related Product(s): This article relates to the following products:

    • Microsoft Dynamics CRM
    • Microsoft Dynamics 365
    Related Articles:

    Introduction

    Microsoft Dynamics 365 / Dynamics CRM can be configured to use SSL (Secure Sockets Layer). For this to work, an SSL certificate is required.

    Certificates can be purchased from certificate providers and will expire after a certain period of time. Once this time has elapsed, Microsoft Dynamics CRM will no longer work until the certificate is updated.

    This article describes the process to update the certificate for Microsoft Dynamics CRM

    Installing the new certificate

    You will need to import your certificate into the local certificate store on each CRM server that uses web services, and the AD FS server if claims-based authentication is enabled.

    CertificateStore

    Instructions on how to import a certificate can be obtained from your certificate provider.

    Note: Problems may occur if you do not remove the old certificate.

    Add permission to the certificate

    It is necessary to grant specific permissions to the certificate to allow service accounts access.

    Manage Private Keys

    The following steps show how to add permissions to the certificate.

    1. Open the Certificate Console on the server.
    2. Check out the Microsoft Wiki for help
    3. Navigate to (Local Computer) > Personal > Certificates
    4. Right-click the new certificate. Go to All Tasks > Manage Private Keys
    5. Add following permissions
      • AD FS Server: CRMAppPool Account = “Read”
      • AD FS Server: ADFSAppPool Account = “Full”
      • CRM Server: CRMAppPool Account = “Read”

    Update IIS (Internet Information Services) to use the new certificate

    On the Microsoft Dynamics CRM website, the certificate bindings will need to be updated.

    IIS Select Certificate

    The following steps show how to bind the new certificate using IIS 8.

    1. Log on to the Microsoft Dynamics CRM Server.
    2. Open IIS.
    3. Locate the Microsoft Dynamics CRM website.
    4. Right click the website and click Edit Bindings.
    5. Select HTTPS and click Edit….
    6. Select the new certificate and click OK to save the settings.
    7. Close all open windows.

    Reconfigure Claims-Based Authentication

    The Microsoft Dynamics CRM application will need to be updated to use the new certificate.

    Claims Setting

    The following steps show how to reconfigure claims-based authentication.

    1. Open Deployment Manager
    2. Click Configure Claims-Based Authentication to open the wizard
    3. Click Next on the Welcome page
    4. Click Next on the Token Service page
    5. Select the new certificate on the Select Certificate page
    6. Click Next to complete the configuration

    Update AD FS (Active Directory Federation Services)

    In AD FS, the Service Communication certificate will need to be updated.

    ADFS Certificate

    The following steps show how to update the Service Communication certificate in AD FS 2.0.

    1. Open AD FS 2.0
    2. Navigate to AD FS 2.0 > Service > Certificates
    3. Click Set Service Communications Certificate
    4. Select the certificate and click OK

    Final Tasks

    To finish the process, all affected services will need to be restarted.

    IISRESET

    The following steps should be completed once the certificate has been updated.  It may also be necessary to follow these steps if problems occur during any of the previous tasks.

    • Perform an IISRESET on each server
    • Restart the AD FS service on AD FS server
    • Update Relying Party metadata
      1. Open AD FS 2.0
      2. Navigate to AD FS 2.0 > Trust Relationships > Relying Party Trusts
      3. Right-click each relying party and select Update from Federation Metadata
      4. Click Update

    For support queries or any other CRM related questions, please contact us – we’d love to chat with you.

    Related Information:

    in MicrosoftMicrosoft Dynamics CRMSupportTroubleshooting
    Share This Post
    More To Explore

    Sign Up To Our Newsletter For Regular Updates And News