Deploy HTTPS without IFD RRS feed

  • Question

  • Hi everyone,

    I have two questions about the deployment of the CRM 2011:

    a) Is it possible to only use the HTTPS without configuring IFD? We want to configure our CRM with an IP valid to be used out of the company. Are there any miss-functions if we do not configure IFD?

    b) What about the certificate? Should we use only wildcard certificates? Or we could use other types of the certificates? The requirement is to use the CRM on an IP without any subdomain.

    Thanks in advance

    Tuesday, April 1, 2014 3:20 PM

All replies

  • Yes you can configure HTTPS without IFD. Adjust the bindings in IIS accordingly and make sure you update the web address in Deployment Manager.

    You can use a wildcard certificate or any other certificate provided that the URL you use to connect to CRM matches the list of addresses on the certificate.

    If you don't configure IFD using CRM in the web browser will I think work but you might have issues if you have multiple organizations. Also, I don't think the CRM for Outlook client will work from outside the network if you don't configure IFD.

    Is there a reason for not configuring IFD?

    Tuesday, April 1, 2014 6:47 PM
  • If you really don't think you have a need for IFD, or perhaps have a policy that dictates you do not allow an application like CRM to be accessed from outside the LAN, then you could still take advantage of using https. This will of course provide encryption between client and server, which you might feel is a level of security you want to adopt, especially if you use wireless networks, for example in meeting rooms.

    Also, https will actually improve performance of the Outlook client and reduce network traffic. For some reason, when using the WCF protocol (as the Outlook client does) the responses when using https are different than with http, and this traffic can be compressed far more efficiently than normal. Using WCF compression is always recommended to improve performance, but the gains when combined with https are considerably better. More info in this article: bit.ly/CRM2011WCFCompression

    As to certificates, you will need a certificate that matches the name of the CRM server. You mention accessing this on an IP - why would you not use a name such as crm.mydomain.local? If you are only using CRM internally (not externally from the internet) then you might not need to use a wildcard certificate since you only need a single name on the certificate. With IFD, every organization has a unique URL and must match be on the certificate, as well as the internal name, and names for other services like the Discovery service. For IFD you also need a certificate for ADFS, so with all those names you may find a wildcard easiest, or at least a certificate with subject alternative names (SANs).

    As an aside, if you look to the future and a possible upgrade to 2013, bear in mind that IFD is a requirement for the Tablet app, but you could always set that up when you find you have a need for it.

    Hope this helps.
    Adam Vero, Microsoft Certified Trainer | Microsoft Community Contributor 2011
    UK CRM Guru Blog

    Wednesday, April 2, 2014 12:28 AM