Enabling SSL on the
CRM SBE Website (WIP)
by Andy Goodman [SBS-MVP]
So you followed my instructions and you have a functional CRMsbe installation, if not see the troubleshooting article before proceeding. So now you want to enable SSL so the transactions are more secure. Well you've come to the right place :>), but let me emphasize these instructions are for CRM 3.0 Small Business Edition with ISA 2004 only, and may only work if you did the integrated install (the first choice when installing). They have not been tested if you did the manual install (the second choice) as outlined on the Magical M&M's Site or you don't have ISA 2004.
Also let me warn you ahead of time, in order to make this work currently you are going to need to modify the registry, so if you don't feel comfortable doing that, please call in an expert to help. Also all those warnings about editing the registry you have ever read apply here also, back it up and be careful. We assume no responsibility for you hosing your system even if it was because of an error in this document or a typo, USE THESE INSTRUCTIONS AT YOUR OWN RISK! You can render your system unuseable.
So lets get started, you did at least do a system state backup correct, personally I would have a complete (tested) backup before starting.
So fire up Regedit, if you don't know where, please see my advice on hiring someone to help you.
We need to tell the system how to find the CRM Website, we
are going to be changing the port to 446 and we will be requiring
SSL so the address will need to start with https instead of http
Drill down to HKLM\Software\Microsoft\MSCRM
Double click on the ServerUrl key on the right
We need to tell the system how to find the CRM Website, we
are going to be changing the port to 446 and we will be requiring
SSL so the address will need to start with https instead of http
Edit the string as in the above picture, of course leaving
your computer name.
My computer name in the example is CRMSBESANDBOX
So now it should look like the picture above.
Now once make these changes, we will break the links that
tell the Fax Router where the CRM Web Site Live
So lets fix that now.
Drill down to HKLM\Software\Microsoft\MSCRM Email
Double click on the ServerUrl key
Change it to https://ServerName:446
It should now look like the above with your ServerName instead of mine.
Drill down to HKLM\System\CurrentControlSet\Services\MSCRMExRouterService
Double click on the MailBoxesInfo key
Change the first section to https://ServerName:446;
Drill down to HKLM\System\CurrentControlSet\Services\MSCRMFaxService
Double click on the FoldersInfo key
Change the first section to
https://ServerName:446;
Close the registry editor
Now we need to tell the system that we are using port 446
for SSL
The easiest way I know how to accomplish this is to use a little tool
from www.ISAtools.org called ISAtrep which
you can find HERE
Go ahead and download and install it, I will wait right here.
Start it up and you will see a window similar to the above
picture
Note: you will have less entries as this system already has a couple of
modifications. A default install will have the entries I have as 1,4 & 5.
Add 446 in both the LowPort and the HighPort boxes
Click the Add Tunnel Range button
It will look like nothing is happening for quite a while,
WAIT
You should get a successful message after a few minutes
And you should see your new port range listed on the right.
Things are progressing nicely!
Now we are ready to actually change the web site settings.
Open up the Server Management Console
Go to the Advanced Management Section
Drill down to the Microsoft CRM v3.0 web site, as above
Right Click and choose Properties
Go to the Web Site tab
Set the SSL port to 446
Go to the Directory Security tab
In the Secure communication section click the Edit button
Check Require secure channel (SSL)
If your users browsers support it, I would also recommend checking Require
128-bit encryption
Now in the same section click the Server Certificate button
Click Next in the wizard's first window
Check the radio button called Assign an existing certificate
Highlight the certificate that is listed as publishing.YourDomainName
Enter 446 in the SSL port box
Read the summary and if it looks right click Next
Now click the obligatory finish button.
Next we need to tell the system we made some changes.
Now open up a Command Prompt and run IISRESET to apply our changes
Now when you try to access the insecure site, you get the
warning page above
But when you go to the secure site from inside the lan https://crmsbesandbox:446 you get the familiar CRM entry screen.
Note: if you don't have the SSL Certificate on your
workstation you will receive a Security Alert
to solve this issue see my HowTo
article for installing the Certificate
.
