CRM2011: claims based authentication, replace self-generated certificate RRS feed

  • Question

  • Does anyone have experience with replacing the self-generated certificate with a certificate bought from an official certificate provider.

    What are the steps?

    Tuesday, August 2, 2011 9:39 AM

All replies

  • Hi Vip33,

    I was using this procedure to change Certificate in ADFS 2.0: http://support.microsoft.com/kb/2504439

    However I notice some problems after this. I had to configure once again Claims Authentication.


    My Dynamics CRM Blog: http://bovoweb.blogspot.com
    Tuesday, August 2, 2011 11:28 AM
  • Hi,

    If you are changing your encryption certificate, you will need to rerun the claims authentication wizard. You will probably want to rerun through the IFD wizard as well (keeping all the inputs the same) to regenerate the IFD federation metadata since I believe that the encryption cert info is also in the IFD federation metadata.

    If you have your ADFS setup to monitor your federation metadata endpoints, ADFS should pick up the changes as part of its regular polling interval.

    If you are also using this certificate for your SSL binding, you might need to change the IFD inputs to fulfill the cert CN. If this is the case, you will also need to make DNS changes.


    Monday, August 15, 2011 7:23 PM