Recent security enhancements require the Microsoft Dynamics CRM Online service to use a new certificate to authenticate against the Windows Azure service. These changes are necessary, and will allow the messages sent from the Microsoft Dynamics CRM Online service to your Windows Azure service endpoint to be authenticated with both the current certificate and the newer certificate. We have identified Customers who use the Windows Azure Service Bus integration feature in Microsoft Dynamics CRM Online and have sent communications directly to those System Admins who utilize this feature. Please refer to these additional resources on making this change:
Support Knowledge Base (KB) Article
The go-live date is Thursday, April 25th 2013 for the new certificate. This configuration change should be made before Thursday, April 25th 2013 globally to ensureminimal impact.
Note: Do not remove the old certificate until after 4/25/2013, as the new one is not valid until this date. However, both the new and old certificates can exist simultaneously without issues.
If you don’t make these changes, any integrations to Microsoft Dynamics CRM that use the Windows Azure Service bus will stop working. Also, if you use PluginRegistration tool to verify authentication, you’ll see an error message similar to this one: “The token provider was unable to provide a security token. The remote server returned an error: (401) Unauthorized”.
In order to serve you better, we are consolidating our certificate renewal process. Moving forward, certificate renewals will occur around this time period every other year. Our goal is to help ease any planning efforts and reduce any impact to your business.