Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

What is the process for Certificate creation so that it applies to an FQDN , Microsoft CRM 2011, and our website

Posted on 2015-01-26
6
Medium Priority
?
104 Views
Last Modified: 2015-04-08
We have a Domain name ... safeharborcomputers.net .... that is inward looking. We have a website of www.safeharborcomputers.net ... We have a new CRM 2011 Server on the Domain. In the near future we will be installing a Microsoft Exchange server. All of it needs to be outward looking so that we can reach it from the outside world , and we think that obtaining a certificate for our Domain would solve this problem. Can you advise how this is best accomplished?  Should the certificate be installed on the Domain Controller, the CRM Server, or some other location or method?
0
Comment
Question by:zargf8ns
  • 3
  • 3
6 Comments
 
LVL 30

Accepted Solution

by:
Feridun Kadir earned 2000 total points
ID: 40571610
Any certificate must be installed on servers that are running a web server role.

To make CRM reachable from the outside you will definitely need to purchase an SSL certificate and install it on the CRM server. CRM also requires Active Directory Federation Services (ADFS) to be installed on a server and you will need to install the SSL certificate on the ADFS server too. For CRM I recommend a wildcard certificate so that it covers anyname.safeharborcomputers.net. You can install the wildcard certificate on multiple servers.

I can' speak for Exchange but I'm sure that it needs an SSL certificate too if you are to expose something Outlook Web Access to the Internet.
0
 

Author Comment

by:zargf8ns
ID: 40573291
Feridun - I have obtained a wildcard certificate from GoDaddy that is   *.safeharborcomputers.net   ....... See screen shot 3 of how those certificates look. See screen shot 2 of how IIS looks after importing the two certificates. So, when I open ADFS to get that installed on the CRM server I get to the point where it wants to integrate the certificates into ADFS, but the choice boxes are greyed-out. Can you advise what we're doing wrong? Thanks, Joe W. \ Safe Harbor
ADFS-Import-Cert-Problem-1.jpg
ADFS-Import-Cert-Problem-2.jpg
ADFS-Import-Cert-Problem-3.jpg
0
 
LVL 30

Expert Comment

by:Feridun Kadir
ID: 40573304
I think I see the problem. In Cert-Problem 2 I see that the Go Daddy certificates are in the Intermediate Certification Authorities store which is fine except that the wildcard certificate (*.safeharborcomputers.net) must be installed in the Personal store (of Local Computer).
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 

Author Comment

by:zargf8ns
ID: 40573487
Feridun -  we imported the certificates into the "Personal" folder, along with all the other remaining possibilities ... "Trusted Root Certification Authorities", "Trusted Publishers", Third-Party Root Certification Authorities" ...
Still having the same problem. I have attached three more screen shots of the steps we're taking. Maybe those steps are wrong. Thanks, Joe W \ Safe Harbor
ADFS-Import-Cert-Problem4.jpg
ADFS-Import-Cert-Problem5.jpg
ADFS-Import-Cert-Problem6.jpg
0
 
LVL 30

Expert Comment

by:Feridun Kadir
ID: 40573905
Are you still not seeing the SSL certificate offered?  Does the certificate show in IIS under Server Certificates?
The steps look correct.
Image 6 shows the Go Daddy Root Certificate Authority and the Go Daddy Secure Certificate Authority in the Personal store, those two should be in the Intermediate Certificate Authorities store, only the *. (wildcard) cert must be in the Personal store.
0
 

Author Closing Comment

by:zargf8ns
ID: 40604267
These steps got us to the point of being able to interface with CRM. Thank you.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An article on effective troubleshooting
This article covers the basics of data encryption, what it is, how it works, and why it's important. If you've ever wondered what goes on when you "encrypt" data, you can look here to build a good foundation for your personal learning.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question