locked
can not create a certificate for ADFS 2.0 RRS feed

  • Question

  • hi 

    I have microsoft dynamic crm 2011 and I want to install ADFS 2.0 on the crm server.

    but when I wan to install in SSL Certificate,there is just one certificate (WMsvc-Domain) and I cant choose another and yhis certificate can not be.

    how can I create another certificate or choose another Cert ????

    Sunday, May 13, 2012 4:50 PM

Answers

  • Which part of the configuration process are you refering to when you only see one certificate ? Is it:

    1. In IIS Manager, when allocating a certificate to the default web site ? The list of certificates available here will be those certificates that are installed on the server. To install a certificate on the server, use the Certificates MMC snap-in
    2. In ADFS setup ? ADFS will install on the default web site, so the only certificate available will be the certificate assigned to the default web site

    Microsoft CRM MVP - http://mscrmuk.blogspot.com  http://www.excitation.co.uk


    Monday, May 14, 2012 8:19 AM
    Moderator

All replies

  • Hi,

    Certificate Management is one of the toughest things to get all of this working.

    Please have a look at the articles below:

    http://dynamics-crm2011.blogspot.com.au/2011/05/crm-2011-adfs-20-federating-with-adfs.html

    http://technet.microsoft.com/en-us/library/gg188612.aspx

    I hope this helps. If my response answered your question, please mark the response as an answer and also vote as helpful.


    Ashish Mahajan, CRM Developer, CSG (Melbourne)
    My Personal Website: http://www.ashishmahajan.com
    My Blogs: http://ashishmahajancrm.blogspot.com.au and http://ashishmahajancrm.wordpress.com
    My Youtube Channel: http://www.youtube.com/user/ashishmahajanmscrm

    My Linkedin: View Ashish Mahajan's profile on LinkedIn
    My Twitter: https://twitter.com/#!/ashishmahajan74

    Sunday, May 13, 2012 11:21 PM
  • You either need to purchase the certificate from a third party that is authorized to issue SSL certificates or you can create a self-signed certificate. Note the self-signed certificate should be used only for training and testing purposes.

    To create the certificate you can use the following command. Note you need to create *.domain.com certificate so that it could be used for sts1.domain.com as well as your CRM organizations.

    makecert -r -pe -n "cN=*.adventure.com" -sv "c:\ifd\adventurewild.pvk" -sky exchange "c:\ifd\adventurewild.cer"

    cert2spc "c:\ifd\adventurewild.cer" "c:\ifd\adventurewild.spc"

    pvk2pfx -pvk "c:\ifd\adventurewild.pvk" -spc "c:\ifd\adventurewild.spc" -pfx "c:\ifd\adventure.pfx" -po adventure

    Note you will have to check the web if you do not find these commands makecert, cert2spc and pvk2pfx on your system.

    HTH

    Sam


    Dynamics CRM MVP | Inogic | http://inogic.blogspot.com| news at inogic dot com

    If this post answers your question, please click "Mark As Answer" on the post and "Mark as Helpful"

    Monday, May 14, 2012 5:10 AM
  • Hi,

    I suppose you mean that you can only select one certificate on the binding configuration of the iis-website!? Far as I know you have to register a self-signed certificate not only in the certificate store of the server but also in the iis settings.

    Greets,

    Andreas


    Andreas Buchinger
    Microsoft Dynamics Certified Technology Specialist
    MCPD: SharePoint Developer 2010

    Monday, May 14, 2012 5:44 AM
  • Which part of the configuration process are you refering to when you only see one certificate ? Is it:

    1. In IIS Manager, when allocating a certificate to the default web site ? The list of certificates available here will be those certificates that are installed on the server. To install a certificate on the server, use the Certificates MMC snap-in
    2. In ADFS setup ? ADFS will install on the default web site, so the only certificate available will be the certificate assigned to the default web site

    Microsoft CRM MVP - http://mscrmuk.blogspot.com  http://www.excitation.co.uk


    Monday, May 14, 2012 8:19 AM
    Moderator