Issue with updating certificates - CRM 2011 / ADFS 2.0


    Hey All,

    So I came in today to find that a cert had expired and CRM and ADFS 2.0 were not happy.

    My network admin went through and got the cert renewed and imported the new cert to my server, I've gone through to try and update CRM and ADFS but I'm still having issues.

    CRM 2011 and ADFS 2.0 are on the same server.

    Here's what I've done:

    1. Added the new cert to Local Computer of the CRM / ADFS server in the Personal and Trusted Root stores
    2. Granted ADFS and CRM app pool account read permissions to the new cert
    3. Updated CRM and ADFS IIS site bindings for the new cert

    Here's where the trouble starts.  After the above I go in to reconfigure Claims Based Auth in Deployment Manager, leave the federation metadata URL unchanged and select the new cert - this fails.

    System checks complains that the federation metadata URL is not available and that the encryption certificate does not exist in the local computer store.

    My CRM site results in this error - Relying Party Certificate was not found.

    I've gone in to ADFS 2.0 and set the Service communications certificate to the new cert, and when I review the Relying Party Trusts for my internal and external identifiers they show a red X and on the encryption tab it is stated that the certificate has expired.  Trying to update the two trusts from Federation Metadata throws a 502 error: bad gateway.

    Any ideas?  What am I missing?  How can I update the trusts and get the site back up?


    Friday, March 21, 2014 9:54 PM
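Added diagnostic (not from this thread or from Microsoft) that checks the three things the post's symptoms point at: the renewed cert is in the LocalMachine Personal store and unexpired, the ADFS and CRM app pool accounts have Read on its private key, and the federation metadata URL the Deployment Manager wizard fetches is reachable and no longer advertises an expired encryption certificate. The thumbprint, account names and metadata URL are placeholders to replace; it assumes the cert was imported from a PFX with a CSP (RSA) key, as is typical for this CRM 2011 / ADFS 2.0 generation.

```powershell
param(
    [string]$Thumbprint      = 'PLACEHOLDER_THUMBPRINT',
    [string[]]$ServiceAccounts = @('CONTOSO\svc-adfs', 'CONTOSO\svc-crmapppool'),  # placeholders
    [string]$MetadataUrl     = 'https://adfs.contoso.local/FederationMetadata/2007-06/FederationMetadata.xml'
)

# 1. Is the renewed cert actually in LocalMachine\My (Personal) and still valid?
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { Write-Warning "Cert $Thumbprint is not in LocalMachine\My"; return }
if ($cert.NotAfter -lt (Get-Date)) { Write-Warning "Cert expired on $($cert.NotAfter)" }
else { "Cert OK until $($cert.NotAfter): $($cert.Subject)" }

# 2. Private key ACL: direct Allow/Read entries for each service account.
#    (Rights granted via group membership are not resolved here.)
if (-not $cert.HasPrivateKey) { Write-Warning 'No private key bound to this cert (imported from PFX?)' }
else {
    # Assumes a CSP key; CNG keys live under ...\Crypto\Keys instead.
    $container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
    $keyFile   = Join-Path "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys" $container
    $acl = Get-Acl $keyFile
    foreach ($acct in $ServiceAccounts) {
        $hasRead = $acl.Access | Where-Object {
            $_.IdentityReference.Value -eq $acct -and $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::Read)
        }
        if ($hasRead) { "$acct has Read on the private key" }
        else { Write-Warning "$acct lacks Read on the private key ($keyFile)" }
    }
}

# 3. Federation metadata: reachable from this box, and which certs does it advertise?
try { [xml]$md = (New-Object System.Net.WebClient).DownloadString($MetadataUrl) }
catch { Write-Warning "Federation metadata not reachable: $($_.Exception.Message)"; return }
$ns = @{ md = 'urn:oasis:names:tc:SAML:2.0:metadata'; ds = 'http://www.w3.org/2000/09/xmldsig#' }
Select-Xml -Xml $md -Namespace $ns -XPath '//md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate' |
  ForEach-Object {
    $use   = $_.Node.ParentNode.ParentNode.ParentNode.GetAttribute('use')   # 'signing' or 'encryption'
    $bytes = [Convert]::FromBase64String($_.Node.InnerText.Trim())
    $c = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$bytes)
    $state = if ($c.NotAfter -lt (Get-Date)) { 'EXPIRED' } else { 'valid' }
    'metadata {0,-10} cert {1} {2} until {3}' -f $use, $c.Thumbprint, $state, $c.NotAfter
  }
```

An expired entry in the `encryption` line is what the Relying Party Trust's encryption tab is reporting; the trust cannot be refreshed until the metadata endpoint serves the renewed cert.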
