Microsoft Dynamics CRM (Archived)

IFD without wildcard certificate


Hi,

We are about to configure IFD but a wildcard SSL certificate is not acceptable with our security policy.

I have carefully read the IFD guide which is quite clear that a wildcard is recommended.  However, in a relatively simple scenario, is it not possible to use one or more specific SSL certificates instead of a wildcard?

Our setup will be:

1)  Separate ADFS and ADFS proxy servers already in place.

2)  One CRM IIS server

3)  Only 1 production CRM organisation - let's call it 'mycrm'

4)  Let's assume Internal and External claims URLs of https://internalcrm.domain.com and https://mycrm.domain.com

Any expert clarification of the CN names and certificates to be purchased would be much appreciated!

 

 

  • Verified answer
    Community Member

    You will need certificates for ADFS and for CRM. You need either a single certificate with several "subject alternative names" (a SAN certificate), or separate ones for each service.

    Names you need will include:

    internalcrm.domain.com (either real internal server name or host name used in DNS)

    mycrm.domain.com (external access to your org)

    AnyOtherOrg.domain.com (if you host a dev, test, or training environment accessed externally for example)

    ADFS.domain.com (some articles use different names such as STS.domain.com, or an entirely different name altogether, choose whatever suits you)

  • David Beaven

    What about the discovery and authentication web service? - both should be in subdomains as far as I'm aware and should have SAN entries e.g. dev.crm.domain.com and auth.crm.domain.com

    Note I have used a subdomain for crm in any case as recommended in https://support.microsoft.com/en-us/help/3045286/passive-federation-request-fails-when-accessing-an-application-using-ad-fs-and-forms-authentication-after-previously-connecting-to-microsoft-dynamics-crm-also-using-ad-fs

  • Chibby

    Yes, you also need those two as SANs on the certificate.  
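
A way to check, before ordering a SAN certificate, that its name list covers every host name discussed in this thread. This is an added example, not code from any of the posters; the SAN lists are constructed sample input and the function names are hypothetical. It goes slightly beyond the thread by also handling a wildcard entry (left-most label only, one label deep, per RFC 6125) so the two approaches can be compared.

```python
# Added example: check that a SAN list covers every host name an IFD
# deployment will be reached by. Host names come from the thread; the
# SAN lists are constructed sample input.

def san_matches(san: str, host: str) -> bool:
    """True if one dNSName SAN entry covers host (case-insensitive).

    A wildcard is honoured only as the entire left-most label and
    covers exactly one label, following RFC 6125 matching rules.
    """
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels):
        return False
    if san_labels[0] == "*":
        # Refuse over-broad wildcards such as "*.com".
        return len(san_labels) > 2 and san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def uncovered(required, sans):
    """Return the required host names that no SAN entry covers."""
    return [h for h in required if not any(san_matches(s, h) for s in sans)]


# Host names mentioned in the thread.
REQUIRED = [
    "internalcrm.domain.com",
    "mycrm.domain.com",
    "ADFS.domain.com",
    "dev.crm.domain.com",
    "auth.crm.domain.com",
]

# Constructed SAN list: the first answer's names, without the two
# names raised in the follow-up comment.
PARTIAL_SANS = ["internalcrm.domain.com", "mycrm.domain.com", "adfs.domain.com"]

# Constructed SAN list naming every endpoint explicitly, no wildcard.
FULL_SANS = PARTIAL_SANS + ["dev.crm.domain.com", "auth.crm.domain.com"]

if __name__ == "__main__":
    for label, sans in (("partial", PARTIAL_SANS), ("full", FULL_SANS)):
        missing = uncovered(REQUIRED, sans)
        print(f"{label}: {'OK' if not missing else 'missing ' + ', '.join(missing)}")
```
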
