Thursday, March 6, 2014

SSL IN SP2013



Prerequisites:
  1. IIS 8
  2. SharePoint 2013
  3. Windows Server 2012
  4. HTTP Web Application on Port 80
Steps:
  1. Create Self Signed Certificate on IIS 8
  2. Import Self Signed Certificate to SharePoint Certificate store
  3. Add Self Signed Certificate to trust management in Central Administration
  4. Configure IIS Binding
  5. Configure AAM
  6. Notes
  7. Issues
Note: Make sure to perform these steps with admin privileges.

Step 1: Create Self Signed Certificate on IIS 8
Open IIS Manager and then go to Server name and choose IIS Section “Server Certificates

 

Click on Create Self-Signed Certificate... on Actions pane

Specify a name like “SharePointSelfSignedCert” and click Ok

 

Double click on this created Certificate and go to details Tab and click copy to File...

 

Click Next (Welcome…),

Select No, do not export the private key and click Next ,

Select DER encoded binary and click Next,

Specify the location for the certificate and Click Next and then finish (Imported).

Step 2: Import Self Signed Certificate to SharePoint Certificate store
To add the Certificates snap-in to an MMC for a computer account
  1. Click Start, type mmc in the Search programs and files box, and then press ENTER.
  2. On the File menu, click Add/Remove Snap-in.
  3. Under Available snap-ins, double-click Certificates.
  4. Select Computer account, and then click Next.
  5. Do one of the following:
    • To manage certificates for the local computer, click Local computer, and then click Finish.
    • To manage certificates for a remote computer, click Another computer, and then type the name of the computer, or click Browse to select the computer name, and then click Finish.
  6. If you have no more snap-ins to add to the console, click OK.
  7. To save this console, on the File menu, click Save.
Open Manage Compute Certificate on Windows Server 2012 and go to SharePoint node and then right click All tasks >> import

Click Next and then specify the location of exported certificate in previous step and then Click Next,

Make sure Certificate store is SharePoint and Click Next and then finish (Exported)

 

Step 3: Add Self Signed Certificate to trust management in Central Administration
Go to Central Administration >> Security >> Manage Trust (to inform SharePoint to trust this certificate also).

And Click New

And a name and specify the location for the certificate and Click Ok.


Step 4: Configure IIS Binding

Go to IIS Manager and choose your web application and then click on Binding in Actions pane


Click Add..

Type: Https

SSL Certificate: SharePointSlefSignedCert (which created previously).


Click Ok.

Step 5: Configure AAM

Go Central Administration >> Alternate Access Mapping and Choose your web application
And click on Edit Public URLs and then add HTTPS URL


And Click Save.

Now try to brows your site with HTTPS URL





Notes:
  1. Don’t use Self-Signed Certification in production sites (you need to use commercial Certificates).
    http://www.digicert.com/ssl-certificate-installation-microsoft-iis-7.htm
  2. If you add the Self-Signed Certificate to Trusted Root Certification Authorities then Certification error will disappear.
  3. IIS 8 and windows server 2012 introduce New Feature Called “Server Name Indication-SNI” which allows an IIS 8 to host multiple SSL sites and certificates on a single IP Address based on Host Headers.
    http://www.iis.net/learn/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability
  4. You can use URL Rewirte module in IIS 8 to redirect from HTTP to HTTPS or vice versa.
    http://www.iis.net/learn/extensions/url-rewrite-module/creating-rewrite-rules-for-the-url-rewrite-module
    http://ruslany.net/2009/04/10-url-rewriting-tips-and-tricks/ 
  5. SSL Certificates required for Federation Services.
Issues:

Issue #1: Mixed HTTP and HTTPS Content
If you login with HTTPS URL and then redirect the user to HTTP , the browser will ask the user again to login with HTTP URL.
Fix:
Go To Central Administration
Open Alternate Access Mapping (AAM)
Select your will application from the dropdown menu on top right
Click on Edit Public URLs and remove HTTPS URL
Click on Add Internal URLs and add HTTPS URL and select the same zone as HTTP URL

 



Posted by at No comments:

Sunday, March 2, 2014

New Features in SharePoint 2013

1. Content authoring: Content authors can now copy content from Word documents and paste them directly in various content editors in SharePoint 2013. The pasted content gets auto adjusted to the styles defined under the Site Designer. Authoring and content management capability is also extended to media files like videos and images.


2. New features improve Social Computing experience: The SharePoint 2013 user and administrative experience has been enhanced with the introduction of Community Site and Community Portal templates apart from the additions to My Site. Community Sites offer a forum to discuss, share views and ideas on a variety of topics. Apart from this, the improvements in My Site allow users to manage their personal interests better.


3. New enterprise wide search architecture: There is a new search architecture to carry out enterprise wide search. The new search feature is programmed to learn from the user’s search query inputs and provide matching results. The user can also get a preview of all the search results which helps him select the most suited. The enhanced crawling facility also allows the users to search through unstructured content. Administrators can enable continuous crawling which can be configured as necessary. Site Collection administrators can also create multiple search schemas for their Site Collections.


4. Optimized viewing experience on multiple mobile platforms: There are a host of additions to provide optimized viewing experience when using SharePoint 2013 through different mobile platforms. These are - the new Contemporary view (for better rendering on mobiles), Site rendering options (for rendering on different devices), Geolocation field type (for supporting mobile application development), Office Web apps (for viewing MS Office documents in mobiles), Push notifications (for sending device updates to Windows Phone device) and Business Intelligence content (for displaying Business Intelligence (BI) content).


5. Connect to external data through Business Connectivity Services: New capabilities in SharePoint 2013 allow you to connect to and use external data through SharePoint 2013 clients or through Office 365 clients. Features that make this possible are OData Business Data Connectivity support, apps for SharePoint, etc. 


6. Search, export and store content through eDiscovery:  The new feature that makes this possible is the eDiscovery Center Site template which creates a portal allowing the user to search, extract, store and export content.


7. New BI tools to help you analyze data: The new BI tools that help users analyze and explore data to derive meaningful and intelligent solutions are - Excel Services in SharePoint 2013, the MS Excel 2013, SharePoint 2013 Visio and SharePoint 2013 Server PerformancePoint Services.


8. New retention policies for Sites: The new Site-based retention policy makes it possible to create and manage retention policies that will now apply to any SharePoint 2013 Site.
Posted by at No comments:

Saturday, March 1, 2014

How to reset a forgotten SharePoint Farm Passphrase

I needed to join a new server to an existing SharePoint 2010 farm the other day, but the customer could not remember their farm passphrase.  Provided you can log on to an existing SharePoint server with a farm admin account, you can use the following to reset the password:

1. Open the SharePoint Management Shell (right click, ‘Run As Administrator’)

2. Issue the following command, and enter the new passphrase when prompted:

$passphrase = ConvertTo-SecureString -asPlainText -Force
3. Issue the following command and follow the onscreen instructions (essentially, it will ask you to confirm the passphrase and press ‘Y’):

Set-SPPassPhrase -PassPhrase $passphrase -Confirm


That’s all there is to it.  You have just changed your farm passphrase!
Posted by at No comments:
Subscribe to: Posts (Atom)