Tip #831: Avoiding pain when renewing certificates in AD FS

Queue to renew

Expiring certificate for https://adfs.contoso.com, you say? Considering Let’s Encrypt goodness, that should be easy to fix, right? Import new certificate (make sure to include private key). Grant permission to AD FS service account to read the private key. Open AD FS manager, navigate to AD FS > Service > Certificates. Click Set Service Communications Certificate… and […]

Tip #769: Careful who you use as certificate authority

Fake certificate

Sometimes we need to call web services from a plugin or a custom workflow activity. For CRM Online it means calling them from the sandbox, and there are certain restrictions that apply to the network access. These restrictions are clear and well understood; however, if you call a service over the https protocol, one additional restriction applies: […]

Tip #680: No more excuses for not using SSL

Connection privacy error

We all know about the goodness of SSL. CRM Online and On-premises IFD deployments won’t work without it. However, when it comes to creating and consuming web services, people become incredibly lax about using SSL and are happy to transmit even confidential information using plain http. The excuse is usually down the “who needs this information anyway” […]

Tip #452: How to use SSL certificates internally

tl;dr Get a wildcard SSL certificate for your domain, reserve some names for internal CRM (e.g. internalcrm.contoso.com) and use internal DNS to resolve those addresses internally only. If blah.foobar.local is required, the domain CA should be used to issue an internal-only certificate with trust implied. The Stop Our own Joel “Standing on the shoulders of other […]

Tip #99: Remember when your certificates expire

I will occasionally get the frantic “CRM is down” call from clients, and for on-premises users, one of the most common reasons is expiring SSL certificates. If you just deploy CRM without claims authentication, when your CRM SSL certificate expires, CRM will still work, but users will receive a certificate error. However, if you […]