Solved

What is the process for Certificate creation so that it applies to an FQDN , Microsoft CRM 2011, and our website

Posted on 2015-01-26
6
94 Views
Last Modified: 2015-04-08
We have a Domain name ... safeharborcomputers.net .... that is inward looking. We have a website of www.safeharborcomputers.net ... We have a new CRM 2011 Server on the Domain. In the near future we will be installing a Microsoft Exchange server. All of it needs to be outward looking so that we can reach it from the outside world , and we think that obtaining a certificate for our Domain would solve this problem. Can you advise how this is best accomplished?  Should the certificate be installed on the Domain Controller, the CRM Server, or some other location or method?
0
Comment
Question by:zargf8ns
  • 3
  • 3
6 Comments
 
LVL 29

Accepted Solution

by:
Feridun Kadir earned 500 total points
ID: 40571610
Any certificate must be installed on servers that are running a web server role.

To make CRM reachable from the outside you will definitely need to purchase an SSL certificate and install it on the CRM server. CRM also requires Active Directory Federation Services (ADFS) to be installed on a server and you will need to install the SSL certificate on the ADFS server too. For CRM I recommend a wildcard certificate so that it covers anyname.safeharborcomputers.net. You can install the wildcard certificate on multiple servers.

I can' speak for Exchange but I'm sure that it needs an SSL certificate too if you are to expose something Outlook Web Access to the Internet.
0
 

Author Comment

by:zargf8ns
ID: 40573291
Feridun - I have obtained a wildcard certificate from GoDaddy that is   *.safeharborcomputers.net   ....... See screen shot 3 of how those certificates look. See screen shot 2 of how IIS looks after importing the two certificates. So, when I open ADFS to get that installed on the CRM server I get to the point where it wants to integrate the certificates into ADFS, but the choice boxes are greyed-out. Can you advise what we're doing wrong? Thanks, Joe W. \ Safe Harbor
ADFS-Import-Cert-Problem-1.jpg
ADFS-Import-Cert-Problem-2.jpg
ADFS-Import-Cert-Problem-3.jpg
0
 
LVL 29

Expert Comment

by:Feridun Kadir
ID: 40573304
I think I see the problem. In Cert-Problem 2 I see that the Go Daddy certificates are in the Intermediate Certification Authorities store which is fine except that the wildcard certificate (*.safeharborcomputers.net) must be installed in the Personal store (of Local Computer).
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 

Author Comment

by:zargf8ns
ID: 40573487
Feridun -  we imported the certificates into the "Personal" folder, along with all the other remaining possibilities ... "Trusted Root Certification Authorities", "Trusted Publishers", Third-Party Root Certification Authorities" ...
Still having the same problem. I have attached three more screen shots of the steps we're taking. Maybe those steps are wrong. Thanks, Joe W \ Safe Harbor
ADFS-Import-Cert-Problem4.jpg
ADFS-Import-Cert-Problem5.jpg
ADFS-Import-Cert-Problem6.jpg
0
 
LVL 29

Expert Comment

by:Feridun Kadir
ID: 40573905
Are you still not seeing the SSL certificate offered?  Does the certificate show in IIS under Server Certificates?
The steps look correct.
Image 6 shows the Go Daddy Root Certificate Authority and the Go Daddy Secure Certificate Authority in the Personal store, those two should be in the Intermediate Certificate Authorities store, only the *. (wildcard) cert must be in the Personal store.
0
 

Author Closing Comment

by:zargf8ns
ID: 40604267
These steps got us to the point of being able to interface with CRM. Thank you.
0

Featured Post

Don't miss ATEN at NAB Show April 24-27!

Visit ATEN at NAB Show to learn how our "Seamlessly Entertaining" solutions deliver fast, precise video streaming without delays for the broadcasting and media environment. ATEN will showcase its 16x16 Modular Matrix Switch (VM1600) and KVM Over IP Solution (KE6900 series).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Healthcare providers, insurance companies and other covered entities trust eFax Corporate to transmit their most sensitive documents. eFax Corporate can help your organization implement a HIPAA compliant cloud faxing solution.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question