Solved

What is the process for Certificate creation so that it applies to an FQDN , Microsoft CRM 2011, and our website

Posted on 2015-01-26
6
91 Views
Last Modified: 2015-04-08
We have a Domain name ... safeharborcomputers.net .... that is inward looking. We have a website of www.safeharborcomputers.net ... We have a new CRM 2011 Server on the Domain. In the near future we will be installing a Microsoft Exchange server. All of it needs to be outward looking so that we can reach it from the outside world , and we think that obtaining a certificate for our Domain would solve this problem. Can you advise how this is best accomplished?  Should the certificate be installed on the Domain Controller, the CRM Server, or some other location or method?
0
Comment
Question by:zargf8ns
  • 3
  • 3
6 Comments
 
LVL 29

Accepted Solution

by:
Feridun Kadir earned 500 total points
ID: 40571610
Any certificate must be installed on servers that are running a web server role.

To make CRM reachable from the outside you will definitely need to purchase an SSL certificate and install it on the CRM server. CRM also requires Active Directory Federation Services (ADFS) to be installed on a server and you will need to install the SSL certificate on the ADFS server too. For CRM I recommend a wildcard certificate so that it covers anyname.safeharborcomputers.net. You can install the wildcard certificate on multiple servers.

I can' speak for Exchange but I'm sure that it needs an SSL certificate too if you are to expose something Outlook Web Access to the Internet.
0
 

Author Comment

by:zargf8ns
ID: 40573291
Feridun - I have obtained a wildcard certificate from GoDaddy that is   *.safeharborcomputers.net   ....... See screen shot 3 of how those certificates look. See screen shot 2 of how IIS looks after importing the two certificates. So, when I open ADFS to get that installed on the CRM server I get to the point where it wants to integrate the certificates into ADFS, but the choice boxes are greyed-out. Can you advise what we're doing wrong? Thanks, Joe W. \ Safe Harbor
ADFS-Import-Cert-Problem-1.jpg
ADFS-Import-Cert-Problem-2.jpg
ADFS-Import-Cert-Problem-3.jpg
0
 
LVL 29

Expert Comment

by:Feridun Kadir
ID: 40573304
I think I see the problem. In Cert-Problem 2 I see that the Go Daddy certificates are in the Intermediate Certification Authorities store which is fine except that the wildcard certificate (*.safeharborcomputers.net) must be installed in the Personal store (of Local Computer).
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:zargf8ns
ID: 40573487
Feridun -  we imported the certificates into the "Personal" folder, along with all the other remaining possibilities ... "Trusted Root Certification Authorities", "Trusted Publishers", Third-Party Root Certification Authorities" ...
Still having the same problem. I have attached three more screen shots of the steps we're taking. Maybe those steps are wrong. Thanks, Joe W \ Safe Harbor
ADFS-Import-Cert-Problem4.jpg
ADFS-Import-Cert-Problem5.jpg
ADFS-Import-Cert-Problem6.jpg
0
 
LVL 29

Expert Comment

by:Feridun Kadir
ID: 40573905
Are you still not seeing the SSL certificate offered?  Does the certificate show in IIS under Server Certificates?
The steps look correct.
Image 6 shows the Go Daddy Root Certificate Authority and the Go Daddy Secure Certificate Authority in the Personal store, those two should be in the Intermediate Certificate Authorities store, only the *. (wildcard) cert must be in the Personal store.
0
 

Author Closing Comment

by:zargf8ns
ID: 40604267
These steps got us to the point of being able to interface with CRM. Thank you.
0

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When the confidentiality and security of your data is a must, trust the highly encrypted cloud fax portfolio used by 12 million businesses worldwide, including nearly half of the Fortune 500.
Ransomware is a growing menace to anyone using a computer or mobile device. Here are answers to some common questions about this vicious new form of malware.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question