Wednesday, 24 July 2013

SharePoint 2013 SSL Certificate configuration

I found a great post of Tomas Balkestahl, in which he discusses the steps of configuring SSL and Alternate Access Mapping in SharePoint 2013.

In my scenario, as of now, the SSL is needed to secure a connection to the SharePoint apps that we intend to download from the SharePoint store. We opted for a wildcard certificate since every App generates its own URL that needs to be secured.
We have no Web Application for the apps yet. It will be created at a later stage and there will be no separate domain for the apps too. The business requirement was to secure the main company domain with the wildcard certificate hence we isolate apps in a different Web Application and keep their sites in restricted zone.
[To start with, you could not host your apps on a Web application with Alternate Access Mapping configured. It looks like now, you can! ]

#################################################################################

One of the feature updates of the March 2013 Public Update for SharePoint 2013 enables you to use multiple app domains in SharePoint 2013 environments with alternate access mapping or host-header web application configurations. For more information, seeEnable apps in AAM or host-header environments for SharePoint 2013.


Copyright: Microsoft Corporation
#################################################################################

So, for the time being, we just installed an SSL Certificate on our main Web Application used for portal and configured it to use HTTPS only. The same procedure would have to be repeated with every other Web application we have or we ought to have.

If you follow the steps in the post of Tomas Balkestahl you will be able to find out how to install an SSL Certificate and configure bindings.
In my case, the SSL Certificate was installed for me and the binding were configured as well:


I had to set up AAM in SharePoint 2013 for a given Web Application and configure a local machine to access the HTTPS sites.

Central Administration -> Configure alternate Access Mapping :

#################################################################################

-
httpsAAM1x
5.2 Next thing we want to do, is to alter the existing Public URL so that it uses https instead of http. Since all else is ok, add the s…
httpsAAM2x
5.3 Ok on that will give you this view, note that both the Internal URL and the Public URL has changed. This site is now only accessible by the https protocol. (Not entirely true, but true enough)
httpsAAM3x
5.4 I always like to be able to type in the default http URL in my browser, and if the site uses https, be redirected automatically. This is rather easy to do in SharePoint, simply add an Internal URL using http and add it to the Default zone which will direct us to the Public URL using https. It may sound difficult but trust me, it just works.
If you are interested in Learning more about Alternate Access Mappings and the inner workings, I have a free whitePaper published on the subject for 2010 Here and a basic post for 2013 Here.

Anyways, click on the Add Internal URLs link and simply add the same URL using http, make sure that the default zone is selected.
-
Note: The zones used in AAM has NO RELATION with the zones in Internet Explorer, they are named similar, but they have no connection whatsoever.
httpsAAM4x
5.5 Now the list should look like this, note that you have http and https on the left (incoming traffic) and only https on the right (target):
httpsAAM5x
You are now done configuring your Alternate Access Mappings!

Copyright Tomas Balkestahl

#################################################################################

The above procedure will indeed get HTTPS protocol to work. It will not however automatically redirect HTTP requests to the HTTPS. Instead, users will see HTTP 403 Forbidden error.

Stay tuned to see how I have tackled this!

2 comments:

  1. This comment has been removed by a blog administrator.

    ReplyDelete
  2. Hi thomas, i'm about to purchase a individual ssl certificate for my sharepoint . The sharepoint is manage by an outsource vendor, my biggest concern is when SSL certificates is deploy, will it be any changes has to be done in the source code of the sharepoint application such as changing the link in the sourcecode from http to htpps. Because according to the vendor, it will takes a lot of change request in the sharepoint source code and they charge will unreasonable price. Supposedly SSL is just a communication between server and user right?

    ReplyDelete