When attempting to set up Claims-Based Authentication for CRM 2011 from a client-side ADFS server, you encounter the following error: The encryption certificate “…..” does not exist in the local computer certificate store.


Now, in this case, it is happening after you have just renewed your SSL Wildcard certificate. After a few ponderous moments of head-scratching and chin-rubbing, you go back and double-check that on your CRM server, the new SSL certificate is stored in the correct places within the Microsoft Management Console.

To check, you go to Start – Run – MMC.exe and first load your Certificates snap-in by doing the following: from MMC – File – Add or Remove Snap-ins – Certificates – Computer Account – Local Computer.


You check both the Personal and the Trusted Root Certification Authorities stores under MMC – Certificates. The new wildcard SSL certificate is in both stores. At this point you also notice that the old wildcard SSL certificate is still in the Personal store. Once you have removed the old certificate from the store (and you may wish to verify that it is not in the Trusted Root Certification Authorities store as well), the error goes away and you can successfully complete the Claims-Based Authentication setup.
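The same check can be done from an elevated PowerShell prompt on the CRM server. The script below is an added example, not part of the original post: it is read-only, lists certificates in the two stores above that share a Subject, and assumes the old and renewed wildcard certificates were issued with the same Subject.

```powershell
# Added example: read-only audit of the Personal (My) and Trusted Root stores.
# Assumption: the old and the renewed wildcard certificate share one Subject.
$stores = 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Root'
$now = Get-Date

$report = foreach ($store in $stores) {
    # Group by Subject so a renewed certificate and its predecessor land together.
    $groups = Get-ChildItem -Path $store |
        Group-Object -Property Subject |
        Where-Object { $_.Count -gt 1 }

    foreach ($group in $groups) {
        # Latest expiry first: index 0 is the most recently renewed certificate.
        $sorted = @($group.Group | Sort-Object -Property NotAfter -Descending)

        for ($i = 0; $i -lt $sorted.Count; $i++) {
            $cert = $sorted[$i]
            $role = 'newest'
            if ($i -gt 0) { $role = 'older duplicate' }

            New-Object PSObject -Property @{
                Store         = $store
                Role          = $role
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                NotAfter      = $cert.NotAfter
                Expired       = ($cert.NotAfter -lt $now)
                HasPrivateKey = $cert.HasPrivateKey
            }
        }
    }
}

if ($report) {
    $report |
        Select-Object Store, Role, Subject, Thumbprint, NotAfter, Expired, HasPrivateKey |
        Format-Table -AutoSize
} else {
    Write-Output 'No certificates with a duplicate Subject in the checked stores.'
}
```

Rows marked "older duplicate" are the candidates to review in the Certificates snap-in; the script does not remove anything.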

For more information about this error, see: http://inogic.com/blog/2014/03/troubleshooting-certificate-error-while-configuring-claims-based-authentication/

 
