Solved

What is the process for Certificate creation so that it applies to an FQDN , Microsoft CRM 2011, and our website

Posted on 2015-01-26
6
101 Views
Last Modified: 2015-04-08
We have a Domain name ... safeharborcomputers.net .... that is inward looking. We have a website of www.safeharborcomputers.net ... We have a new CRM 2011 Server on the Domain. In the near future we will be installing a Microsoft Exchange server. All of it needs to be outward looking so that we can reach it from the outside world , and we think that obtaining a certificate for our Domain would solve this problem. Can you advise how this is best accomplished?  Should the certificate be installed on the Domain Controller, the CRM Server, or some other location or method?
0
Comment
Question by:zargf8ns
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 29

Accepted Solution

by:
Feridun Kadir earned 500 total points
ID: 40571610
Any certificate must be installed on servers that are running a web server role.

To make CRM reachable from the outside you will definitely need to purchase an SSL certificate and install it on the CRM server. CRM also requires Active Directory Federation Services (ADFS) to be installed on a server and you will need to install the SSL certificate on the ADFS server too. For CRM I recommend a wildcard certificate so that it covers anyname.safeharborcomputers.net. You can install the wildcard certificate on multiple servers.

I can' speak for Exchange but I'm sure that it needs an SSL certificate too if you are to expose something Outlook Web Access to the Internet.
0
 

Author Comment

by:zargf8ns
ID: 40573291
Feridun - I have obtained a wildcard certificate from GoDaddy that is   *.safeharborcomputers.net   ....... See screen shot 3 of how those certificates look. See screen shot 2 of how IIS looks after importing the two certificates. So, when I open ADFS to get that installed on the CRM server I get to the point where it wants to integrate the certificates into ADFS, but the choice boxes are greyed-out. Can you advise what we're doing wrong? Thanks, Joe W. \ Safe Harbor
ADFS-Import-Cert-Problem-1.jpg
ADFS-Import-Cert-Problem-2.jpg
ADFS-Import-Cert-Problem-3.jpg
0
 
LVL 29

Expert Comment

by:Feridun Kadir
ID: 40573304
I think I see the problem. In Cert-Problem 2 I see that the Go Daddy certificates are in the Intermediate Certification Authorities store which is fine except that the wildcard certificate (*.safeharborcomputers.net) must be installed in the Personal store (of Local Computer).
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:zargf8ns
ID: 40573487
Feridun -  we imported the certificates into the "Personal" folder, along with all the other remaining possibilities ... "Trusted Root Certification Authorities", "Trusted Publishers", Third-Party Root Certification Authorities" ...
Still having the same problem. I have attached three more screen shots of the steps we're taking. Maybe those steps are wrong. Thanks, Joe W \ Safe Harbor
ADFS-Import-Cert-Problem4.jpg
ADFS-Import-Cert-Problem5.jpg
ADFS-Import-Cert-Problem6.jpg
0
 
LVL 29

Expert Comment

by:Feridun Kadir
ID: 40573905
Are you still not seeing the SSL certificate offered?  Does the certificate show in IIS under Server Certificates?
The steps look correct.
Image 6 shows the Go Daddy Root Certificate Authority and the Go Daddy Secure Certificate Authority in the Personal store, those two should be in the Intermediate Certificate Authorities store, only the *. (wildcard) cert must be in the Personal store.
0
 

Author Closing Comment

by:zargf8ns
ID: 40604267
These steps got us to the point of being able to interface with CRM. Thank you.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question