ADFS certificate rollover

  • Question

  • We are using Microsoft Dynamics CRM 2011 on-premises for one of our clients. Per a client requirement, we enabled IFD for CRM 2011 three years ago. To enable IFD, the client purchased an SSL certificate from a third party, which ADFS uses to authenticate the CRM user.

    The SSL certificate was purchased in 2013 and will expire in April 2016. These are the dates we could see in the Service Communication certificate. Every year the “Token-decrypting” and “Token-signing” certificates get  and roll over automatically. For example, here you will notice a primary and secondary certificate.

    In our case, the secondary certificate expiry date was Feb 2, 2015. The primary certificate was showing an effective date of Jan 19, 2015. On Jan 20th, 2015, CRM users were not able to log in to CRM 2011.

    Based on the above, we have a few queries and would like you to guide us.

    If the secondary certificate expiration date (of “Token-decrypting” and “Token-signing”) is ahead of 15 days, then why does ADFS not allow login to MS CRM 2011?
    If the primary certificate gets generated 15 days before and is effective from Jan 19, 2015, then why does ADFS get stuck on the next day, as we got stuck on Jan 20, 2015?
    Why can't ADFS automatically apply / configure the newly generated certificate, or advise any steps to get it done automatically?
    If we have purchased an SSL certificate for 3 years and it will expire in April 2016, then why is there a concept of generating certificates (Primary and Secondary) every year, and that too we need to apply / configure it manually?

    Please guide us on the above queries so that we can take measures for the smooth functioning of CRM 2011.

    Wednesday, January 21, 2015 2:51 PM