Certificate error with email router on CRM 2011 RRS feed

  • Question

  • Hi All

    Trying to get my CRM 2011 lab working.  This thread says you can use self-signed certs:


    So I've created a certificate through the Exchange Console and imported it onto the CRM server in trusted and intermediary stores. CRM box is mel-dc1 Exchange 2010 box is mel-svr2.

    So from mel-dc1 I fire up IE pointed to https://mel-svr2/EWS/exchanage.asmx<//a> but I get a certificate error about the certificate being issued for a different website and the router test fails.

    Technet article (http://support.microsoft.com/kb/954584) seems to fit:

    "Cause 2 The URL that you have specified on your Incoming Profile in the Microsoft Dynamcis CRM E-mail Router does not match the URL that you have on your Microsoft Exchange Web Site Certificate."

    So my problem seems to be how do I get that url (https://mel-svr2/EWS/exchanage.asmx) on the certificate and get exchange to recognise it should be bound to: (https://mel-svr2/EWS/exchanage.asmx)

    Help much appreciated - this has killed several weekends :-( and I'm on the functional side so I just want to get on with learning the app.


    Monday, March 5, 2012 3:27 AM

All replies

  • Is creating a SAN cert for any DNS name in my domain and using that for the exchange cert worth trying?

    Monday, March 5, 2012 3:37 AM
  • I tried creating a SAN Cert using makecert as per:


    C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin>makecert.exe -r -pe -n "CN=*.ad
    vworks.msft, CN=mel-svr2" -b 01/01/2010 -e 01/01/2050 -eku -ss
     my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Pro
    vider" -sy 12  c:\exchangeSANcert - succeeded but when I try to import it into exchange it wants to know the password for the private key - which I don't.

    Monday, March 5, 2012 4:22 AM
  • Hi,

    Use this syntax to create certificate in your exchange server. You need to copy Makecert.exe to exchange server and run this query in your exchange server.

    Once it got executed perfectly, certificate will display in IIS Manager-> Certificates.

    From there you can export the certificate with password.

    Or can also run this syntax where iis installed.

    makecert.exe -r -pe -n "CN=*.yourdomain.com" -b 01/01/2009 -e 01/01/2050 -eku -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12

    you have to create wildcard certificate with your domain name.


    Khaja Mohiddin

    • Proposed as answer by Khaja Mohiddin Wednesday, March 7, 2012 1:41 PM
    Monday, March 5, 2012 7:01 PM
  • Hi,

    Did you able to resolve this issue?


    Khaja Mohiddin

    Wednesday, March 7, 2012 1:41 PM
  • Thanks Khaja - been busy with my day job.  Will try your makecert recipe today - much appreciated it takes so many options I never would have got it right on my own.
    Friday, March 9, 2012 7:30 PM