The is a checklist for renewing CRM SSL certificate. Applies to CRM 2011, 2013 and 2015.
Server configuration.
- 1 Windows Server 2012 R2 hosting CRM.
- 1 Windows Server 2012 R2 with SQL Server 2012 SP1
- 1 Windows Server 2012 R2 with AD FS installed.
Step 1 – on the CRM server.
- Delete the old certificate.
- Install new certificate.
- Grant the account running the CRM application pool in ISS permission to read the new certificate.
- In IIS edit the bindings for the CRM website and select the new certificate.
Step 2 – On AD FS Server.
- Delete the old certificate.
- Install new certificate.
- Grant the account running the AD FS application pool in ISS permission to read the new certificate.
- Grant the account running the AD FS service permission to read the new certificate.
- In IIS edit the bindings for the ADFS website and select the new certificate.
Step 3 – on the CRM server.
- Run the CRM deployment manger and configure claims-based authentication. Select the new certificate during the configuration.
- In CRM deployment manger configure Internet-Facing Deployment using the default values.
- Restart IIS.
Step 4 – on the AD FS server.
- Restart IIS
- In AD FS Management, update Federation Metadata for the relaying party trusts.
CRM will now be up and running.