Troubleshooting Certificate Error while configuring Claims-Based Authentication

By | March 21, 2014

When we configure Claims-Based Authentication in Microsoft Dynamics CRM 2011 Deployment Manager, we may receive the following error.

The encryption certificate………does not exist in the local computer certificate store

1

You can use the following solution in order to resolve the above error.

  • Add a certificate in “Certificate (Local Computer) -> Personal -> Certificates” along with Trusted Root Certification Authorities.

2

  • Give at least read permissions to the account used for CRMAppPool application. If ADFS is running on another server, then verify whether the account used for the ADFSAppPool application pool has Read permissions.
  • While selecting the certificate from Claims-Based Authentication wizard, you will have an option to Install certificate.

 3

            Install certificate in Personal as well as in Trusted Root Certification Authorities.

  • If you are attempting to renew the certificate and if both old and new certificate exist in Personal as well as in Trusted Root Certification Authorities location, then we may get the aforesaid error while configuring Claims-Based Authentication. Here, you can solve this by deleting the old certificate from both Personal as well as from Trusted Root Certification Authorities location; then configure the Claims-Based Authentication with new certificate. Otherwise, if you don’t want to delete the old certificate; you can tackle this error by removing the old certificate from only the Personal location.

————————————————-

Posted by: Inogic

For more information/discussions (documents, sample code snippets, detailed work flow or diagrams)

Please be free to visit the following links or email us:

Web: http://www.inogic.com

Blog: http://www.inogic.com/blog

Email: news@inogic.com

————————————————–

 

 

One thought on “Troubleshooting Certificate Error while configuring Claims-Based Authentication

  1. jeff

    Note if you renewed your cert or created a new one and the Subject and Issuer are the same, and no friendly name is used, you will need to remove the old cert prior or you will also get the same message “The encryption certificate………does not exist in the local computer certificate store”

Comments are closed.