locked
Configure IFD using 5 SAN certificates RRS feed

  • Question

  • I want to configure IFD form CRM 2011 using 5 SAN certificates.

    I search a lot to get a solution for this but didn't find anything. In all demos they are using wildcard certificate.

    I have following certificates: adfs.mycompany.uk, auth.mycompany.uk, crm.mycompany.uk, dev.mycompany.uk and myorg.mycompany.uk

    - adfs.mycompany.uk is used on Default Web Site on port 443 when I configure adfs
    - crm.mycompany.uk is used on Microsoft Dynamics CRM on port 444 and is used for internal

    The problem is that I cannot bind other certificates on port 444 on IIS

    How can I bind the rest of the certificates on IIS on the same port?
    How can I configure IFD for CRM 2011 with 5 certificates for Internal and External?

    Thursday, May 24, 2012 1:32 PM

Answers

  • I dont think its possible to configure IFD with 5 individual certificates. You need to get 5 sub domain certificate which is only one cert but it contains all the 5 host names information in it.

    Or create a SSL wildcard certificate and configure IFD.

    Regards,


    Khaja Mohiddin
    http://www.dynamicsexchange.com
    http://about.me/KhajaMohiddin

    Thursday, May 24, 2012 3:08 PM
  • SAN certificates usually refer to ONE certificate that has several 'alternative' names attached to the certificate, hence the name 'subject alternative name' certificate. The way we have done this is to put all 5 (or more) of those URL's you mention onto one single SAN certificate (or use a wildcard cert where allowed). To my knowledge, you can only bind one certificate to a website in IIS. Then you can have internal and external all working on the same port, you should not need to split them out.

    On a side note, wildcard certs are obviously a little nicer if you may be adding additional organizations in the future for any reason

    Thursday, May 24, 2012 3:20 PM

All replies

  • Hi Apostol,

    Do you have 5 individual certificates or its 5 Sub domain certificate?

    Regards,


    Khaja Mohiddin
    http://www.dynamicsexchange.com
    http://about.me/KhajaMohiddin

    Thursday, May 24, 2012 2:32 PM
  • I have 5 individual certificates, one for each of adfs.mycompany.uk, auth.mycompany.uk, crm.mycompany.uk, dev.mycompany.uk and myorg.mycompany.uk
    Thursday, May 24, 2012 3:02 PM
  • I dont think its possible to configure IFD with 5 individual certificates. You need to get 5 sub domain certificate which is only one cert but it contains all the 5 host names information in it.

    Or create a SSL wildcard certificate and configure IFD.

    Regards,


    Khaja Mohiddin
    http://www.dynamicsexchange.com
    http://about.me/KhajaMohiddin

    Thursday, May 24, 2012 3:08 PM
  • SAN certificates usually refer to ONE certificate that has several 'alternative' names attached to the certificate, hence the name 'subject alternative name' certificate. The way we have done this is to put all 5 (or more) of those URL's you mention onto one single SAN certificate (or use a wildcard cert where allowed). To my knowledge, you can only bind one certificate to a website in IIS. Then you can have internal and external all working on the same port, you should not need to split them out.

    On a side note, wildcard certs are obviously a little nicer if you may be adding additional organizations in the future for any reason

    Thursday, May 24, 2012 3:20 PM
  • As I understand it seems to be ok to use a UCC certificate with multiple Subject Alternative Names like adfs.mycompany.uk, auth.mycompany.uk, crm.mycompany.uk, dev.mycompany.uk and myorg.mycompany.uk ?

    Friday, May 25, 2012 11:59 AM
  • Yes, this is what you need to buy.

    Regards,


    Khaja Mohiddin
    http://www.dynamicsexchange.com
    http://about.me/KhajaMohiddin

    Friday, May 25, 2012 12:12 PM