Changing the SSL certificate

If you change the certificates used by Microsoft Dynamics CRM and AD FS, follow these steps.

Updating the SSL certificate

1. Add the new certificate to the AD FS server.

   1. Import the new certificate to the AD FS server.

   2. Grant the ADFSAppPool account Read permission to the new certificate

   3. Bind the new certificate to the AD FS website.

2. Add the new certificate to the Microsoft Dynamics CRM server.

   1. Import the new certificate to the Microsoft Dynamics CRM server.

   2. Grant the CRMAppPool account Read permission to the new certificate

   3. Bind the new certificate to the Microsoft Dynamics CRM website.

3. Start the Deployment Manager and run the Configure Claims-Based Authentication Wizard to use the new certificate.

4. On the AD FS server, update all the relying party trusts used by Microsoft Dynamics CRM.

5. If the certificate subject name changes, update the root domain web addresses to match the new subject name. For more information, see: Configure the Microsoft Dynamics CRM Server 2011 for claims-based authentication in this document.

6. Run the iisreset command on the AD FS and Microsoft Dynamics CRM servers.

Send comments about this article to Microsoft.

© 2012 Microsoft Corporation. All rights reserved.