Dynamics Community Forum Thread Details

CRM OnPremise & Exchange Online Integration - Remove wildcard certificate from Dataverse App

Hello, I have successfully connected our Dynamics CRM On-Premises Development environment to exchange online utilizing this Microsoft article: Connect Exchange Online to Dynamics 365 Customer Engagement (on-premises) | Microsoft Learn

Now that this has been completed, I try to run the same instructions with the same wildcard certificate to connect our production environment I get this response from PowerShell message:

"Done with setting up certificate information.
Given the certificate is already associated with the principal linked to the appId 00000007-0000-0000-c000-000000000000. Cert thumbprint *ThumbPrintHere*. Not adding the cert principal.
Done with configuration of CRM server for server-based authentication with Online Exchange.
S2S Exchange Online Tenant ID is populated in configDB: *OrgIDHere*

After receiving this message, I ran the following script to see if it is attached to the Dataverse app within azure and it does return the correct wildcard.

#IDENTIFIES THE CERT BY THUMBPRINT IN BYTES
$appId = "00000007-0000-0000-c000-000000000000"

# Define the byte array (certificate thumbprint in raw bytes)
$thumbprintBytes = [byte[]](**thumbprint in bytes****)

# Get the service principal by App ID
$sp = Get-MgServicePrincipal -Filter "appId eq '$appId'"

# Match the byte array using string-joined comparison
$matchedCert = $sp.KeyCredentials | Where-Object {
    $_.CustomKeyIdentifier -ne $null -and
    $_.CustomKeyIdentifier.Count -eq $thumbprintBytes.Count -and
    ($_.CustomKeyIdentifier -join ',') -eq ($thumbprintBytes -join ',')
}

# Output result
if ($matchedCert) {
    Write-Host "Found certificate with matching byte array:"
    Write-Host "Display Name : $($sp.DisplayName)"
    Write-Host "Object ID    : $($sp.Id)"
    Write-Host "App ID       : $($sp.AppId)"
    Write-Host "Cert Start   : $($matchedCert.StartDateTime)"
    Write-Host "Cert End     : $($matchedCert.EndDateTime)"
} else {
    Write-Host "No matching certificate found for AppId $appId"
}

My problem now is how do I remove this certificate from the Dataverse app so that I can connect it properly to my production environment?

I have checked within azure enterprise app and there is no way to access the app registration for the Dataverse app, so I am assuming that this needs to be done via Microsoft Graph.

Does anyone have any suggestions on how to unlink the wildcard certificate from Dataverse so that I can re-add it to the production environment?

Categories:

Dynamics 365 general

Power Platform integration

1: Use a Separate Certificate for Production

Generate a new certificate (self-signed or CA-issued) for production.
Configure the production environment using this separate cert.
This is the recommended approach and avoids conflicts.

2: Remove Existing Binding (Not Supported by Customers)

There is no supported method for customers to delete key credentials from the 00000007-0000-0000-c000-000000000000 app.
You would need to open a Microsoft support ticket and request removal of the certificate binding from this service principal in your tenant.