Error after updating SSL certificate used by Microsoft Dynamics CRM 2013

Symptoms
Consider the following scenario:
After updating the SSL certificate used by Microsoft Dynamics CRM, you may encounter the following error messages when attempting to access the website or FederationMetadata.xml page:

Issue #1:

HTTP 500 Error ‘Keyset does not exist’

Error: Unhandled Exception: System.ServiceModel.FaultException`1[[Microsoft.Xrm.Sdk.OrganizationServiceFault, Microsoft.Xrm.Sdk, Version=6.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]]: System.Security.Cryptography.CryptographicException: Microsoft Dynamics CRM has experienced an error. Reference number for administrators or support: #61396B66 Detail: -2147220970 System.Security.Cryptography.CryptographicException: Microsoft Dynamics CRM has experienced an error.

Keyset does not exist Not available Not available https://crmwebsite.domain.com/Handlers/FederationMetadata.ashx /Handlers/FederationMetadata.ashx ASHX_XML

Issue #2:

After deploying a new certificate using the Legacy key template, a ‘Keyset does not exist’ error may occur.

Cause

Cause #1:

The new certificate placed in the deployment may have been created using a CNG key template. Certificates created using a CNG key template are not supported by Microsoft Dynamics CRM.
  See: https://technet.microsoft.com/en-us/library/gg188582(v=crm.6).aspx


Cause #2:

The new certificate’s Cryptographic Service Provider setting was not configured to act as an encryption certificate. The setting on the new certificate was ‘Microsoft RSA SChannel Cryptographic Provider (Signature)’, which is the default Cryptographic Service Provider setting when a custom certificate request is generated. Even though an encrypt option exists on the certificate, this provider setting takes precedence and makes the certificate a signing certificate, which is invalid for encryption purposes.

Resolution

Create a new custom certificate request using the Legacy key template and set the Cryptographic Service Provider setting to ‘Microsoft RSA SChannel Cryptographic Provider (Encryption)’.
   See: https://technet.microsoft.com/en-us/library/cc730929.aspx
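The same request expressed as a certreq.exe policy file, for administrators who script certificate requests instead of using the wizard. This is an added example, not part of the original article; the file name, subject, and key length are placeholders, and it assumes that the wizard's "(Encryption)" and "(Signature)" choices correspond to KeySpec 1 (AT_KEYEXCHANGE) and KeySpec 2 (AT_SIGNATURE).

```ini
; request.inf (constructed example; adjust Subject and KeyLength for your deployment)
; Build the request with:  certreq -new request.inf request.req

[Version]
Signature = "$Windows NT$"

[NewRequest]
; Placeholder subject; use the name clients use to reach the CRM website
Subject = "CN=crm.example.com"
KeyLength = 2048
; The key must live in the machine store so the CRM services can open it
MachineKeySet = TRUE
RequestType = PKCS10

; Legacy (CryptoAPI) provider. Naming a CNG key storage provider here,
; such as "Microsoft Software Key Storage Provider", reproduces Cause #1.
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12

; 1 = AT_KEYEXCHANGE, the "(Encryption)" choice required by the Resolution.
; 2 = AT_SIGNATURE, the "(Signature)" choice described in Cause #2.
KeySpec = 1

; 0xa0 = Digital Signature (0x80) + Key Encipherment (0x20)
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]
; Server Authentication
OID = 1.3.6.1.5.5.7.3.1
```

After the issued certificate is installed, certutil -v -store My lists the provider name and KeySpec recorded for each certificate, which allows the values to be confirmed before the CRM binding is changed.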

Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.
Properties

Article ID: 3079686 - Last Review: 07/13/2015 13:32:00 - Revision: 1.0

Microsoft Dynamics CRM 2011, Microsoft Dynamics CRM 2013, Microsoft Dynamics CRM 2013 Service Pack 1, Microsoft Dynamics CRM 2015
