Set-CrmCertificate : Source : mscorlib Method : HandleReturnMessage Date : 2:22:44 PM Time : 6/2/2016 Error : Message: TrustedIssuer is not supported settable Certificate Type through DWS. ErrorCode: -2147220970 Stack Trace :Bummer! So I used the following:
Set-CrmCertificate -DataFile C:\okta.cert -StoreName "My" -CertificateType "AppFabricIssuer" –StoreLocation “LocalMachine” –StoreFindType “FindBySubjectDistinguishedName”Don't let the store location fool you, it isn't stored in the cert store but the cert content is actually stored in the CRM Config database. Once the cert is imported then you can go into the MSCRM_CONFIG database and edit the new certificate entry in the Certificates table by changing the Type from AppFabricIssuer to TrustedIssuer. There may be a better way of doing this that I'm not aware of.
<EntityDescriptor ID="........" entityID="https://appname.domain.xyz/">