1. Delete the old cert using MMC on the CRM web servers and the ADFS servers. Verify that the cert is gone by reviewing your IIS https bindings. If this cert is kept, CRM authentication will not work.
2. Add the new cert to the ADFS server first. Import the new cert into the MMC cert snap-in console. Be sure your AppPool user account has read permissions on the cert, and that the ADFS service user account has full permissions on it. Bind the new cert to https in IIS. From the command line, run an IISreset.
To add permissions to the cert, open the cert MMC, right-click the certificate you are going to use, click All Tasks, then Manage Private Keys.
Now add your service account and grant the rights, on each server.
3. Add the new cert to your CRM Web App Server(s). Import the new cert into the MMC cert snap-in console. Be sure your AppPool user account has read permissions. Bind the new cert to https in IIS. Then, from the command line, run an IISreset.
4. On your ADFS server, update the cert in the ADFS Management console: under Service > Certificates, use Set Service Communications Certificate to select the new cert.
5. Back on your CRM Web server, start the ‘Configure Claims Wizard’, update it to the new certificate, and apply.
6. On the ADFS server, in the ADFS Management console, under ‘Trust Relationships’, update the relying party trust federation metadata for all instances.
7. Test CRM. Again, if you get an authentication error or any other error, make sure you have deleted your old certificate.
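
A PowerShell check for the steps above, to run on each server after the swap. This is an added example, not part of the original procedure. The thumbprints and account names are placeholders, and it assumes the WebAdministration module is installed (plus the ADFS PowerShell module on the ADFS server). The key ACL check only handles keys stored by a CSP and only shows direct entries, not group membership.

```powershell
# Placeholders: replace with your own values before running (elevated prompt).
$OldThumb = '<OLD-CERT-THUMBPRINT>'
$NewThumb = '<NEW-CERT-THUMBPRINT>'
$Accounts = @('<DOMAIN\AppPoolAccount>', '<DOMAIN\AdfsServiceAccount>')

# Step 1: the old certificate must be gone from the machine store.
if (Test-Path "Cert:\LocalMachine\My\$OldThumb") {
    Write-Warning 'Old certificate is still in LocalMachine\My; delete it.'
}

# Steps 2-3: the new certificate must be present, valid and have a private key.
$cert = Get-Item "Cert:\LocalMachine\My\$NewThumb" -ErrorAction Stop
if (-not $cert.HasPrivateKey)      { Write-Warning 'New certificate has no private key.' }
if ($cert.NotAfter -lt (Get-Date)) { Write-Warning 'New certificate has expired.' }

# Every IIS https binding should point at the new thumbprint.
Import-Module WebAdministration
Get-ChildItem IIS:\SslBindings | ForEach-Object {
    if ($_.Thumbprint -ne $NewThumb) {
        Write-Warning "Binding $($_.IPAddress):$($_.Port) uses $($_.Thumbprint)"
    }
}

# Private key permissions (what Manage Private Keys shows in MMC).
try {
    $keyName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
    if (-not $keyName) { throw 'No CSP key container found.' }
    $keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$keyName"
    $acl = (Get-Acl $keyFile).Access
    foreach ($a in $Accounts) {
        $rights = ($acl | Where-Object { $_.IdentityReference.Value -eq $a }).FileSystemRights
        '{0}: {1}' -f $a, $(if ($rights) { $rights -join ', ' } else { 'NO ACCESS' })
    }
} catch {
    Write-Warning 'Could not read the key ACL (CNG key?); check Manage Private Keys in MMC.'
}

# Step 4 (ADFS server only): the service communications cert must be the new one.
if (Get-Command Get-AdfsCertificate -ErrorAction SilentlyContinue) {
    $svc = Get-AdfsCertificate -CertificateType Service-Communications
    if ($svc.Thumbprint -ne $NewThumb) {
        Write-Warning "ADFS service communications certificate is $($svc.Thumbprint)"
    }
}
```

No warnings, and the expected rights listed for each account, means the server matches the steps; the AppPool account should show Read and the ADFS service account FullControl.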