Microsoft Dynamics CRM (Archived)

Configure CRM OnPrem with Sharepoint Online Certificate Error


Hello all,

I'm attempting to configure our On-Premise CRM 2016 to work with Sharepoint Online via server-based authentication. I'm following the steps in https://technet.microsoft.com/en-us/library/mt171421.aspx and running into some issues.

Specifically, step 2 is to "Prepare the certificate" using the PowerShell commands:

$CertificateScriptWithCommand = ".\CertificateReconfiguration.ps1 -certificateFile c:\Personalcertfile.pfx -password personal_certfile_password -updateCrm -certificateType S2STokenIssuer -serviceAccount contoso\CRMAsyncService -storeFindType FindBySubjectDistinguishedName"

Invoke-Expression -command $CertificateScriptWithCommand


I've exported our certificate (wildcard, being used for remote gateway etc., so I know it works) via the Certificates MMC with a private key, and used the password in the command above (I'm listing the generic command for obvious reasons).

When I run the Invoke-Expression I get the message:

    "Certificate private key is not found"

I've tried exporting the certificate on a different server and tried changing the password; none of it seems to get around this error. A search here as well as on Google doesn't seem to find anything, so I must be doing something glaringly wrong.

Any ideas are greatly appreciated.


Thanks

Garrett


  • Suggested answer
    d3h563
    RE: Configure CRM OnPrem with Sharepoint Online Certificate Error

    Change the line

    CertUtil -f -p $password -importPFX $certificateFile | Out-Null

    into

    CertUtil -csp "Microsoft Enhanced RSA and AES Cryptographic Provider" -f -p $password -importPFX $certificateFile | Out-Null

    This would ensure the imported certificate uses a CSP instead of a KSP, which seems to be required.

  • Suggested answer
    Rahul-Jha
    RE: Configure CRM OnPrem with Sharepoint Online Certificate Error

    You need to have the private key generated as a legacy key.

    Use the below CSP when generating the CSR or while selecting the CSP for the private key.

    Microsoft RSA SChannel Cryptographic Provider

    Thanks,
    Rahul

  • Community Member Microsoft Employee
    RE: Configure CRM OnPrem with Sharepoint Online Certificate Error

    docs.microsoft.com/.../troubleshooting-server-based-authentication

    There is a section: '"Private key not found" error message returned when you run the CertificateReconfiguration.ps1 Windows PowerShell script'

  • Community Member Microsoft Employee
    RE: Configure CRM OnPrem with Sharepoint Online Certificate Error

    I'm having the same issue as well.  I'm using a certificate issued by my domain CA.  Any resolution yet?

  • Community Member Microsoft Employee
    RE: Configure CRM OnPrem with Sharepoint Online Certificate Error

    I have the exact same issue, did you resolve this?

  • RE: Configure CRM OnPrem with Sharepoint Online Certificate Error

    Hi, got the same error, but found out that the reason was that I had forgotten to start PowerShell with Administrative Rights.

    Right-click the PowerShell icon and select Run as administrator

  • Community Member Microsoft Employee
    RE: Configure CRM OnPrem with Sharepoint Online Certificate Error

    Hi, 

    Check this below:

    "Private key not found" error message returned when you run the CertificateReconfiguration.ps1 Windows PowerShell script

    Applies to: Microsoft Dynamics 365 (online) with Microsoft SharePoint on-premises, Microsoft Dynamics 365 on-premises with SharePoint Online, Microsoft Dynamics 365 on-premises with SharePoint on-premises

    This issue can occur when there are two self-signed certificates located in the local certificate store that have the same subject name.

    Notice that this issue should only occur when you use a self-signed certificate. Self-signed certificates should not be used in production environments.

    To resolve this issue, remove the certificates with the same subject name that you don’t need using the Certificate Manager MMC snap-in and note the following.
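
A diagnostic for the causes raised in this thread (key stored in a KSP rather than a legacy CSP, duplicate subject names in the store, a non-elevated session), as an added example that is not part of the thread or of CertificateReconfiguration.ps1. The function name `Get-CertKeyProviderReport` and the subject text `contoso.com` are hypothetical; it assumes Windows PowerShell 5.1 on the CRM server.

```powershell
# Added example: report where each matching certificate's private key lives.
# Read-only; it changes nothing in the certificate store.
function Get-CertKeyProviderReport {
    param(
        [Parameter(Mandatory)] [string] $SubjectText,          # text to look for in the subject
        [string] $StorePath = 'Cert:\LocalMachine\My'          # store the PFX is imported into
    )

    $found = @(Get-ChildItem -Path $StorePath | Where-Object {
        $_.Subject.IndexOf($SubjectText, [StringComparison]::OrdinalIgnoreCase) -ge 0
    })

    # Subjects that appear more than once: a find-by-subject lookup is ambiguous for these.
    $dupes = @($found | Group-Object Subject | Where-Object Count -gt 1 | ForEach-Object Name)

    foreach ($cert in $found) {
        $provider   = $null
        $keyStorage = 'no private key'
        if ($cert.HasPrivateKey) {
            # On .NET Framework the PrivateKey property only yields an object for
            # legacy CAPI (CSP) keys. For a CNG (KSP) key, or a key this session
            # cannot open (for example, not elevated), it is empty or throws.
            $keyStorage = 'KSP (CNG) or not readable from this session'
            try {
                $key = $cert.PrivateKey
                if ($key -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
                    $provider   = $key.CspKeyContainerInfo.ProviderName
                    $keyStorage = 'legacy CSP'
                }
            } catch { }
        }
        [pscustomobject]@{
            Subject          = $cert.Subject
            Thumbprint       = $cert.Thumbprint
            NotAfter         = $cert.NotAfter
            HasPrivateKey    = $cert.HasPrivateKey
            KeyStorage       = $keyStorage
            Provider         = $provider
            DuplicateSubject = $dupes -contains $cert.Subject
        }
    }
}

# 'contoso.com' is a placeholder; use text from your own certificate's subject.
Get-CertKeyProviderReport -SubjectText 'contoso.com' | Format-List
```

A row with `HasPrivateKey` true and an empty `Provider` points at the KSP or elevation causes; `DuplicateSubject` true points at the duplicate-subject cause.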

  • GTW
    RE: Configure CRM OnPrem with Sharepoint Online Certificate Error

    I tried re-exporting the certificate with all extended properties and got the same result. I will try your suggestion on the self-signed.

  • GTW
    RE: Configure CRM OnPrem with Sharepoint Online Certificate Error

    Hello and thanks for the suggestion.

    In this case, I am using a publicly-purchased SSL wildcard certificate and not a self-signed. Does this make a difference? I would assume the "official" certificate should work.

    I don't think I selected to export all extended properties, so I will try that with this cert.

    If there is a reason we'd need to use a self-signed, I can try that as well.

    Thanks,

    Garrett

  • Suggested answer
    Nadeeja Bomiriya
    RE: Configure CRM OnPrem with Sharepoint Online Certificate Error

    Hi GTW,

    How did you create your self-signed certificate? In the past I found that not all self-signed certificates work.  The method I use is using Windows SDK - MakeCert command.

    Download Windows SDK.

    https://developer.microsoft.com/en-us/windows/downloads/windows-8-sdk

    Use below command to generate the certificate.

    makecert -r -pe -e 12/23/2017 -eku 1.3.6.1.5.5.7.3.1 -ss My -n CN=*.xxxxxx.xxxx -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 -len 2048

    Also make sure to include Private Key and all extended properties when exporting.

    Hope this helps.

    Cheers,

    Nadeeja

    If the answer solves your problem, please mark as Verified. Thanks.

    My Blog: http://dyn365apps.com/ - Follow me on Twitter: https://twitter.com/dyn365apps

    LinkedIn: https://www.linkedin.com/in/nadeeja
