CRM 2011 ADFS comes with a unqiue feature: Auto-Rollover for SSL Certification expiration. You must load the new SSL certificate on the box prior to the Auto-Rollover. We are finding out this might be as automatic as once thought.
If your ADFS console looks like the following and your CRM is not working the steps are listed below:
From the CRM Deployment Manager, run the through the configuration wizards for setting up both Claims based Authentication and Internet Facing Deployment (IFD). These located on the top right of the CRM deployment manager. You just need to click next through again, all the values will be there from your existing setup. Next, Restart the IIS Server (IISReset on a administrator command prompt) on the CRM Server as shown below:
Next, on the ADFS server, locate the ADFS Windows Service in services, and restart the service, the issue and IISRestart command as above. You may also restart the service from the command line:
Now you should be able to succesfully use your CRM system again. Enjoy
Please see my other posts about enabled auto-rollover: