285
Hi Guys, new to CRM administration. We are using CRM On-Prem Dynamics CRM 2016 (8.1.1.1005)
I am getting below error when logging in to CRM.
"Please update your certificate or Exchange Online integration will stop functioning in 22 Days."
Not sure how to update the certificate and wherein the system??
Can anyone please help? Any steps on how to solve this? Thanks
Yes its finally working now..
Just remove the old S2SToken certificate with:
(Add-PSSnapin Microsoft.Crm.PowerShell)
Remove-Crmcertificate
and then try to create a new trust with the new certificate with those steps:
Hi,
Because of expiring our wildcard with the SAME subject name I had to renew. but I read somewhere that the subject name may not be the same. To configure the new certificate you must delete the old one in de crm config, but I am not able to do that.
In my certificate store I only had 1 certificate and thats the new wildcard. How can a delete to old S2STokenIssuer certificate in a simple way?
Hey Nidnani,
As you are using Exchange online, the Digital certificate being used for server based authentication must have been issued by Trusted Certificate Authorities like DigiCert, GeoTrust, Symantec, Comodo etc.
Here is an example article from DigiCert CA on renewing existing certificate, depending upon the Certificate Authority, this process would differ a little however, more or less it remains the same just the websites user experience differs .
Since, the number of days left for the certificate expiration is too near, I would suggest you to connect with your security team who manages SSL/TLS digital certificates for your org so that this can be renewed on time.
The process of getting a new certificate issued mainly include these very common steps ::
1. Create a Certificate Signing Request (CSR)
A CSR is a file that you (or your server administrator) need to generate on the server that needs the certificate. You will generate it with a matching private key file that must remain on the server. The CSR contains the matching public key and other information like your organization's name, location, and domain name. If there are any mistakes in that information, you can correct them on the next step.
www.digicert.com/.../sample-csr.php
2. Validate domain name ownership with your certificate authority using TXT/CNAME etc. type DNS records.
www.digicert.com/.../dns-txt-dcv-method.htm
3. Submit the CSR over to your CA website.
4. After some time (Usually takes 30 minutes for me but may take upto 24 hours as well for some CAs), the digital certificate would be issued by your CA.
Please mark my comments as answered if this helped. :-)
Thanks,
Saurabh
Hey Nidnani,
The message states "Please update your certificate or Exchange Online integration will stop functioning in <number> days."
To resolve this issue, update the x509 digital certificate issued by a trusted certificate authority used to authenticate between Dynamics 365 (on-premises) and Exchange Online or SharePoint Online.
https://docs.microsoft.com/en-us/previous-versions/dynamicscrm-2016/administering-dynamics-365/dn946906(v=crm.8)#exchange-online-security-certificate-expiration-error-message-displayed-in-dynamics-365-on-premises-or-dynamics-365-for-outlook
Once, you have the new certificate, you may follow this documentation in order to re-configure server-based authentication between Dynamics 365 (on-premises) and Exchange Online ::
Set up server-based authentication with Microsoft Dynamics 365 and Exchange Online ::
https://docs.microsoft.com/en-us/dynamics365/customerengagement/on-premises/deploy/connect-dynamics-365-on-premises-exchange-online#set-up-server-based-authentication-with-microsoft-dynamics-365-and-exchange-online
Please mark my comment as answered if this helped to mitigate this issue. :-)
Thanks,
Saurabh
Do you have an IT department and do you know whether your environment is using ADFS to authenticate users in CRM? It could the certificate for your domain is expiring soon. I've recently updated my exchange certificate and I've also recently had to update my ADFS server from 2.0 to 3.0. It's a bit a of pain. If this is your issue, you will need to get the cert renewed which can take a week or longer to be validated. Then, you will need someone with administrative access to get on the server running your ADFS.
Stay up to date on forum activity by subscribing. You can also customize your in-app and email Notification settings across all subscriptions.
#1
André Arnaud de Cal...
291,280
Super User 2024 Season 2
#2
Martin Dráb
230,235
Most Valuable Professional
#3
nmaenpaa
101,156
Share
Report
All responses (
Answers (