Prerequisites:
- IIS 8
- SharePoint 2013
- Windows Server 2012
- HTTP Web Application on Port 80
Steps:
- Create Self Signed Certificate on IIS 8
- Import Self Signed Certificate to SharePoint Certificate store
- Add Self Signed Certificate to trust management in Central Administration
- Configure IIS Binding
- Configure AAM
- Notes
- Issues
Note: Make sure to perform these steps with admin privileges.
Step 1: Create Self Signed Certificate on IIS 8
- Open IIS Manager, select the server name, and in the IIS section choose “Server Certificates”.
- Click Create Self-Signed Certificate... in the Actions pane.
- Specify a name like “SharePointSelfSignedCert” and click OK.
- Double-click the created certificate, go to the Details tab, and click Copy to File...
- Click Next (Welcome…).
- Select “No, do not export the private key” and click Next.
- Select “DER encoded binary” and click Next.
- Specify the location for the certificate, click Next, and then Finish (Imported).
Step 2: Import Self Signed Certificate to SharePoint Certificate store
To add the Certificates snap-in to an MMC for a computer account:
- Click Start, type mmc in the Search programs and files box, and then press ENTER.
- On the File menu, click Add/Remove Snap-in.
- Under Available snap-ins, double-click Certificates.
- Select Computer account, and then click Next.
- Do one of the following:
  - To manage certificates for the local computer, click Local computer, and then click Finish.
  - To manage certificates for a remote computer, click Another computer, and then type the name of the computer, or click Browse to select the computer name, and then click Finish.
- If you have no more snap-ins to add to the console, click OK.
- To save this console, on the File menu, click Save.
Then import the certificate:
- Open Manage Computer Certificates on Windows Server 2012, go to the SharePoint node, then right-click and choose All Tasks >> Import…
- Click Next, specify the location of the certificate exported in the previous step, and click Next.
- Make sure the certificate store is SharePoint, click Next, and then Finish (Exported).
Step 3: Add Self Signed Certificate to trust management in Central Administration
- Go to Central Administration >> Security >> Manage Trust (this tells SharePoint to trust the certificate as well).
- Click New.
- Add a name, specify the location of the certificate, and click OK.
Step 4: Configure IIS Binding
- Go to IIS Manager, choose your web application, and click Bindings in the Actions pane.
- Click Add...
- Type: https
- SSL Certificate: SharePointSelfSignedCert (the certificate created previously).
- Click OK.
Step 5: Configure AAM
- Go to Central Administration >> Alternate Access Mapping and choose your web application.
- Click Edit Public URLs and add the HTTPS URL.
- Click Save.
Now try to browse your site with the HTTPS URL.
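Steps 1 to 5 can also be scripted. The following PowerShell is an added example, not part of the original article. The IIS site name, URLs, zone and export path are placeholder assumptions, and the certificate is issued for the host name of the HTTPS URL rather than the server name that IIS Manager uses.

```powershell
# Added example: scripted equivalent of Steps 1-5.
# Run in an elevated SharePoint 2013 Management Shell on the web server.
# Placeholder values (assumptions, not taken from the article):
$siteName = 'SharePoint - 80'                   # IIS site of the web application
$httpUrl  = 'http://sharepoint.example.local'   # existing HTTP URL
$httpsUrl = 'https://sharepoint.example.local'  # HTTPS URL to add
$zone     = 'Intranet'                          # a zone with no public URL yet
$cerPath  = 'C:\Temp\SharePointSelfSignedCert.cer'
$certName = 'SharePointSelfSignedCert'

Import-Module WebAdministration
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Step 1: create the certificate in the machine Personal store and
# export only the public part as a DER-encoded .cer file.
$dnsName = ([Uri]$httpsUrl).Host
$cert = New-SelfSignedCertificate -DnsName $dnsName -CertStoreLocation Cert:\LocalMachine\My
$cert.FriendlyName = $certName
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# Check: the exported file must not carry the private key.
$exported = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerPath
if ($exported.HasPrivateKey) {
    throw 'Exported file contains a private key; export again without it.'
}

# Step 2: import the .cer into the SharePoint certificate store.
Import-Certificate -FilePath $cerPath -CertStoreLocation Cert:\LocalMachine\SharePoint | Out-Null

# Step 3: register the certificate under Manage Trust.
New-SPTrustedRootAuthority -Name $certName -Certificate $exported | Out-Null

# Step 4: add the HTTPS binding and attach the certificate to it.
New-WebBinding -Name $siteName -Protocol https -Port 443
(Get-WebBinding -Name $siteName -Protocol https).AddSslCertificate($cert.Thumbprint, 'My')

# Step 5: add the HTTPS URL as a public URL in Alternate Access Mappings.
New-SPAlternateURL -WebApplication $httpUrl -Url $httpsUrl -Zone $zone | Out-Null

# Verify: the certificate is in the SharePoint store and the mapping exists.
Get-ChildItem Cert:\LocalMachine\SharePoint |
    Where-Object Thumbprint -eq $cert.Thumbprint |
    Format-List Subject, Thumbprint, NotAfter
Get-SPAlternateURL -WebApplication $httpUrl |
    Format-Table IncomingUrl, Zone, PublicUrl
```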
Notes:
- Don’t use self-signed certificates on production sites (you need to use commercial certificates).
  http://www.digicert.com/ssl-certificate-installation-microsoft-iis-7.htm
- If you add the self-signed certificate to Trusted Root Certification Authorities, the certificate error will disappear.
- IIS 8 and Windows Server 2012 introduce a new feature called “Server Name Indication (SNI)”, which allows IIS 8 to host multiple SSL sites and certificates on a single IP address based on host headers.
  http://www.iis.net/learn/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability
- You can use the URL Rewrite module in IIS 8 to redirect from HTTP to HTTPS or vice versa.
  http://www.iis.net/learn/extensions/url-rewrite-module/creating-rewrite-rules-for-the-url-rewrite-module
  http://ruslany.net/2009/04/10-url-rewriting-tips-and-tricks/
- SSL certificates are required for Federation Services.
Issues:
Issue #1: Mixed HTTP and HTTPS Content
If you log in with the HTTPS URL and the user is then redirected to HTTP, the browser will ask the user to log in again with the HTTP URL.
Fix:
- Go to Central Administration.
- Open Alternate Access Mapping (AAM).
- Select your web application from the dropdown menu at the top right.
- Click Edit Public URLs and remove the HTTPS URL.
- Click Add Internal URLs, add the HTTPS URL, and select the same zone as the HTTP URL.