?
Solved

What is the process for Certificate creation so that it applies to an FQDN , Microsoft CRM 2011, and our website

Posted on 2015-01-26
6
Medium Priority
?
107 Views
Last Modified: 2015-04-08
We have a Domain name ... safeharborcomputers.net .... that is inward looking. We have a website of www.safeharborcomputers.net ... We have a new CRM 2011 Server on the Domain. In the near future we will be installing a Microsoft Exchange server. All of it needs to be outward looking so that we can reach it from the outside world , and we think that obtaining a certificate for our Domain would solve this problem. Can you advise how this is best accomplished?  Should the certificate be installed on the Domain Controller, the CRM Server, or some other location or method?
0
Comment
Question by:zargf8ns
  • 3
  • 3
6 Comments
 
LVL 30

Accepted Solution

by:
Feridun Kadir earned 2000 total points
ID: 40571610
Any certificate must be installed on servers that are running a web server role.

To make CRM reachable from the outside you will definitely need to purchase an SSL certificate and install it on the CRM server. CRM also requires Active Directory Federation Services (ADFS) to be installed on a server and you will need to install the SSL certificate on the ADFS server too. For CRM I recommend a wildcard certificate so that it covers anyname.safeharborcomputers.net. You can install the wildcard certificate on multiple servers.

I can' speak for Exchange but I'm sure that it needs an SSL certificate too if you are to expose something Outlook Web Access to the Internet.
0
 

Author Comment

by:zargf8ns
ID: 40573291
Feridun - I have obtained a wildcard certificate from GoDaddy that is   *.safeharborcomputers.net   ....... See screen shot 3 of how those certificates look. See screen shot 2 of how IIS looks after importing the two certificates. So, when I open ADFS to get that installed on the CRM server I get to the point where it wants to integrate the certificates into ADFS, but the choice boxes are greyed-out. Can you advise what we're doing wrong? Thanks, Joe W. \ Safe Harbor
ADFS-Import-Cert-Problem-1.jpg
ADFS-Import-Cert-Problem-2.jpg
ADFS-Import-Cert-Problem-3.jpg
0
 
LVL 30

Expert Comment

by:Feridun Kadir
ID: 40573304
I think I see the problem. In Cert-Problem 2 I see that the Go Daddy certificates are in the Intermediate Certification Authorities store which is fine except that the wildcard certificate (*.safeharborcomputers.net) must be installed in the Personal store (of Local Computer).
0
Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

 

Author Comment

by:zargf8ns
ID: 40573487
Feridun -  we imported the certificates into the "Personal" folder, along with all the other remaining possibilities ... "Trusted Root Certification Authorities", "Trusted Publishers", Third-Party Root Certification Authorities" ...
Still having the same problem. I have attached three more screen shots of the steps we're taking. Maybe those steps are wrong. Thanks, Joe W \ Safe Harbor
ADFS-Import-Cert-Problem4.jpg
ADFS-Import-Cert-Problem5.jpg
ADFS-Import-Cert-Problem6.jpg
0
 
LVL 30

Expert Comment

by:Feridun Kadir
ID: 40573905
Are you still not seeing the SSL certificate offered?  Does the certificate show in IIS under Server Certificates?
The steps look correct.
Image 6 shows the Go Daddy Root Certificate Authority and the Go Daddy Secure Certificate Authority in the Personal store, those two should be in the Intermediate Certificate Authorities store, only the *. (wildcard) cert must be in the Personal store.
0
 

Author Closing Comment

by:zargf8ns
ID: 40604267
These steps got us to the point of being able to interface with CRM. Thank you.
0

Featured Post

[Webinar] Improve your customer journey

A positive customer journey is important in attracting and retaining business. To improve this experience, you can use Google Maps APIs to increase checkout conversions, boost user engagement, and optimize order fulfillment. Learn how in this webinar presented by Dito.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware is a growing menace to anyone using a computer or mobile device. Here are answers to some common questions about this vicious new form of malware.
The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Suggested Courses

593 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question