Hi Bijendra Behera,
Thank you for posting in the Microsoft Community Forums.
I. Understand the type of certificate
First, you need to clarify whether you are currently using a self-built certificate or a public certificate issued by a third-party certificate authority (CA). Self-built certificates are usually not certified by an external organization and may indicate security risks after installation, while public network certificates do not have such problems.
II. Renew or apply for a new certificate
If it is a self-built certificate:
You need to log in to the IIS (Internet Information Services) Manager of the CRM server.
In the IIS manager, double-click to open “Server Certificates”.
Click on “Create Certificate Request”, fill in the certificate information (including the wildcard domain name) and save it to a local txt file.
Submit the certificate request to your internal CA server or Certificate Authority.
Download and install the newly issued certificate to IIS.
If it is a public certificate:
You need to apply for a new wildcard certificate from a third-party certificate authority (e.g. Tencent Cloud, Aliyun, etc.).
During the application process, you may need to provide domain verification information (such as DNS record verification or email verification).
After the certificate is issued, download the certificate file and follow the instructions of the issuer to install it.
III. Configure the new certificate in CRM
Bind the new certificate to the CRM site:
In IIS Manager, locate the Microsoft Dynamics CRM website.
In the “Bindings” section of the website, add or replace the SSL certificate with the newly issued certificate.
Configure ADFS (Active Directory Federation Services) to use the new certificate:
Open the ADFS Manager.
Under Services, select Certificates.
Click “Set Service Communication Certificate” and select the newly issued certificate.
Update the certificate fingerprint (if required). You can view the fingerprint of the new certificate through IIS or ADFS Manager, and update the certificate fingerprint in CRM using PowerShell commands.
Restart the ADFS service and the CRM service:
After completing the certificate replacement, restart the ADFS service and CRM-related services to ensure that the new certificate takes effect.
Verify the configuration:
Visit the CRM website through a browser to ensure that there are no certificate-related warnings or errors.
Verify that statement-based authentication is working properly.
IV. Precautions
During the certificate replacement process, ensure that you back up the current configuration and certificate so that you can restore it in the event of a problem.
If there are problems with communication between CRM and ADFS, check that the certificates are properly bound and configured.
If permissions issues are encountered, ensure that the CRM service account and the ADFS service account have permissions to access the new certificate.
Best regards
Neuvi
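
The verification step in the reply can also be scripted. The following is an added example, not part of the reply above and not Microsoft's code: a read-only check that the new certificate is the one actually referenced by the IIS HTTPS binding and by AD FS. The `-Thumbprint` and `-SiteName` parameters and the default site name are assumptions; run it on the CRM/IIS server and on the AD FS server, since each section is skipped where its module is not installed.

```powershell
# Added example: read-only post-rotation check, changes nothing on the server.
param(
    [Parameter(Mandatory)] [string] $Thumbprint,       # thumbprint of the newly issued certificate
    [string] $SiteName = 'Microsoft Dynamics CRM'      # assumed IIS site name, adjust to your deployment
)

# Thumbprints copied from the certificate dialog often carry spaces or hidden characters.
$want = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

function New-Check([string]$Name, [bool]$Ok, [string]$Detail) {
    [pscustomobject]@{ Check = $Name; Ok = $Ok; Detail = $Detail }
}

$checks = & {
    # 1. The certificate is in the machine store, has its private key and is in date.
    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $want }
    if (-not $cert) {
        New-Check 'In LocalMachine\My' $false "no certificate with thumbprint $want"
    } else {
        $now = Get-Date
        New-Check 'Private key present' $cert.HasPrivateKey $cert.Subject
        New-Check 'Within validity period' ($now -ge $cert.NotBefore -and $now -lt $cert.NotAfter) "expires $($cert.NotAfter)"
        New-Check 'DNS names on certificate' ($cert.DnsNameList.Count -gt 0) ($cert.DnsNameList.Unicode -join ', ')
    }

    # 2. IIS: every HTTPS binding of the CRM site points at the new certificate.
    if (Get-Command Get-WebBinding -ErrorAction SilentlyContinue) {
        $bindings = @(Get-WebBinding -Name $SiteName -Protocol https)
        if ($bindings.Count -eq 0) { New-Check "IIS site '$SiteName'" $false 'no https binding found' }
        foreach ($b in $bindings) {
            New-Check "IIS binding $($b.bindingInformation)" ($b.certificateHash -eq $want) "bound: $($b.certificateHash)"
        }
    }

    # 3. AD FS: the service communications certificate matches.
    if (Get-Command Get-AdfsCertificate -ErrorAction SilentlyContinue) {
        foreach ($c in Get-AdfsCertificate -CertificateType Service-Communications) {
            New-Check 'AD FS service communications' ($c.Thumbprint -eq $want) "configured: $($c.Thumbprint)"
        }
    }
    # 4. AD FS SSL bindings (cmdlet is absent on older AD FS versions).
    if (Get-Command Get-AdfsSslCertificate -ErrorAction SilentlyContinue) {
        foreach ($s in Get-AdfsSslCertificate) {
            New-Check "AD FS SSL $($s.HostName):$($s.PortNumber)" ($s.CertificateHash -eq $want) "bound: $($s.CertificateHash)"
        }
    }
}

$checks | Format-Table -AutoSize
if ($checks.Ok -contains $false) { exit 1 }   # non-zero exit when any reference still points elsewhere
```

A row with `Ok` set to `False` and a different thumbprint under `Detail` means that component still references the old certificate.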