Steps overview
- Get the SSL certificate
  - Obtain from a trusted certificate authority, or
  - Create a self-signed SSL certificate
- Edit the binding of the web application in IIS
- Execute STSADM command to update registry settings on the SharePoint farm
- Change the alternate access mapping (AAM)
1. Get an SSL certificate
You can either get your certificate from a trusted certificate provider such as Verisign or DigiCert, or you can create your own self-signed certificate.
To start, connect to the server that hosts Central Admin, and launch IIS Manager.
Click on the server in the Connections column on the left, then double click 'Server Certificates'.
Click 'Create Self-Signed Certificate'.
Choose a friendly name, e.g. 'Intranet Certificate', and click next.
You should now see that the new certificate has been added to a list of server certificates.
2. Edit Central Admin binding in IIS
Select your Central Admin site from the sites folder on the left. Then click 'Bindings'.
Click 'Add', then select 'https'. The port and IP address should already be the same as the image below.
Under SSL certificate choose the name of the certificate you created in the last step.
Finally, click 'OK' accepting any warning you might see.
You should now see two bindings for the site. Select the original http binding and click 'Remove'.
Close the site bindings window.
Double click 'SSL Settings' from the
We need to force the site to use only SSL by choosing 'Require SSL'.
3. Execute STSADM Command to Update Registry Settings on the SharePoint Farm
Launch the command prompt and execute the following command to update the port for central admin across the Farm.
4. Change the alternate access mapping in Central Admin
If you launch Central Admin now, it should be working over SSL, but it will give you a warning about the site's security certificate. To stop this from happening we need to modify the AAM to include the FQDN.
From Central Admin, select 'Configure alternate access mappings' from System Settings.
Click 'Edit Public URLs'.
Select the Central Admin collection.
Change the default URL to include your fully qualified domain name (FQDN).
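To confirm the result of steps 1, 2 and 4, the following read-only PowerShell check is an added example, not part of the original post. The IIS site name and the FQDN are assumptions; replace them with the values from your farm and run it elevated on the Central Admin server.

```powershell
# Added example: read-only check of the Central Admin SSL setup described above.
param(
    [string]$SiteName = 'SharePoint Central Administration v4',  # assumed IIS site name
    [string]$Fqdn     = 'spca.contoso.local'                     # constructed FQDN used in the AAM URL
)
Import-Module WebAdministration

$findings = @()
$bindings = @(Get-WebBinding -Name $SiteName)

# Step 2: the original http binding should have been removed.
foreach ($b in ($bindings | Where-Object { $_.protocol -eq 'http' })) {
    $findings += "Plain http binding still present: $($b.bindingInformation)"
}

$https = @($bindings | Where-Object { $_.protocol -eq 'https' })
if (-not $https) { $findings += 'No https binding on the site' }

foreach ($b in $https) {
    # Step 1: resolve the certificate that is bound to this https binding.
    $cert = Get-ChildItem "Cert:\LocalMachine\$($b.certificateStoreName)" |
            Where-Object { $_.Thumbprint -eq $b.certificateHash }
    if (-not $cert) { $findings += "No certificate bound to $($b.bindingInformation)"; continue }

    if ($cert.NotAfter -lt (Get-Date)) { $findings += "Certificate expired on $($cert.NotAfter)" }

    # Step 4: the certificate name must match the host name in the AAM URL, otherwise
    # the browser warning stays. Exact match only; wildcard names are not handled here.
    $name = $cert.GetNameInfo('DnsName', $false)
    if ($name -ne $Fqdn) { $findings += "Certificate is issued to '$name', not '$Fqdn'" }

    # Issuer equal to subject means self-signed: clients warn until they trust it explicitly.
    if ($cert.Issuer -eq $cert.Subject) { $findings += 'Certificate is self-signed' }
}

# Step 2, SSL Settings: 'Require SSL' sets the Ssl flag in the site's access section.
$flags = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location $SiteName -Filter 'system.webServer/security/access' -Name 'sslFlags'
$flagText = if ($flags -is [string]) { $flags } else { "$($flags.Value)" }
if ($flagText -notmatch '\bSsl\b') { $findings += "'Require SSL' is not set (sslFlags = $flagText)" }

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { 'Central Admin SSL configuration looks consistent.' }
```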








