Setup SSL in SharePoint 2013
In the last article (link below), you learned how to set up SSL in SharePoint 2013 using a commercial certificate.
Setup SSL in SharePoint 2013 using commercial certificates
In this article, you will learn how to set up SSL using a self-signed certificate. This is useful if you are setting up a development environment or want to test SSL locally. It provides the same level of encryption as any commercial certificate and you don't have to pay for it. Why, then, do people use commercial certificates? It's a matter of trust. Basically, you are asking your site users to trust you. That may work in some scenarios but might not work if your site is public facing (Internet). Why would people trust you when they don't know you? So, you can use a self-signed certificate locally for testing, but for production you should use a reliable third-party certificate authority such as Verisign, Thawte, etc.
Follow the steps below to create a self-signed certificate for your site:
- Open IIS 7.0.
- Click on the server name in the navigation tree on the left.
- On the right side, Under IIS, double-click Server Certificates.
- On the extreme right, under Actions click Create Self-Signed Certificate link.
- Enter a friendly name for the certificate, for example, I entered WS (for Wali Systems).
- Double-click the newly created certificate.
- Click on Details tab.
- Click Copy to File button.
- Certificate export wizard will start. Click Next.
- By default, the second option, No, do not export the private key, is selected. Keep it selected and click Next.
- Keep the default option DER encoded binary X.509 (.CER) selected and click Next.
- Click Browse to go to the folder where you want the file to be saved. Enter file name and click Save.
- Click Next and then Finish. Click OK to close the success message box. Click OK to close the Certificate window.
- Click Start > Run and type mmc and click OK. MMC console will open.
- From File, select Add/Remove Snap-in.
- Select Certificates from available snap-ins and click Add >.
- Select first option My user account and click Finish.
- Click OK.
- Expand Certificates – Current User node.
- Expand Trusted Root Certification Authorities and click Certificates folder.
- Right-click Certificates folder and select All Tasks then select Import.
- Browse to the certificate (.cer) file that you saved earlier. Click Next.
- Select Place all certificates in the following store and leave default store selected. Click Next.
- Click Finish.
- You will get the message The import was successful. Click OK.
- The next step is not required if you have a single-server farm, but if you are setting this up in a medium or large farm, you should add the certificate to the trust relationships in the Central Administration site.
- Open central administration site. Go to Security section (Click Security under Central Administration on the left).
- In General Security section, click Manage Trust.
- In the ribbon, click New button.
- Add a name for this trust relationship.
- Click Browse to import the certificate. This is mandatory regardless of whether you want to provide to or consume trust from the other farm.
- Leave Provide Trust Relationship unchecked unless you want to provide trust to another farm. This is optional.
- Click OK.
- $trustcert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\ws.cer")
- New-SPTrustedRootAuthority -Name "SP Cert" -Certificate $trustcert
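Before a .cer file is placed in Trusted Root Certification Authorities or registered as a farm trust, it is worth confirming what the file actually contains. The following PowerShell is an added example, not part of the original article: Test-ExportedCertificate is a hypothetical helper name, C:\ws.cer and sp2013.walisystems.com are the sample values used on this page, and it assumes PowerShell 3.0 or later on an English-language Windows.

```powershell
# Added example (not from the original article). Test-ExportedCertificate is a
# hypothetical helper; the path and host name are the sample values from this page.
function Test-ExportedCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$HostName
    )
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($Path)

    # Names the certificate covers: subject CN plus DNS subject alternative names.
    # Assumption: English Windows, where the SAN extension formats as "DNS Name=...".
    $names = @($cert.GetNameInfo('SimpleName', $false))
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        $names += @([regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value })
    }

    $now = Get-Date
    $result = [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        # A self-signed certificate names itself as its issuer.
        SelfSigned    = ($cert.Subject -eq $cert.Issuer)
        # A .cer exported with "No, do not export the private key" must not carry one.
        HasPrivateKey = $cert.HasPrivateKey
        InValidity    = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
        # Exact, case-insensitive match only; wildcard names are not expanded here.
        NameMatches   = ($names -contains $HostName)
    }
    $ok = (-not $result.HasPrivateKey) -and $result.InValidity -and $result.NameMatches
    $result | Add-Member -NotePropertyName OkToTrust -NotePropertyValue $ok -PassThru
}

$check = Test-ExportedCertificate -Path 'C:\ws.cer' -HostName 'sp2013.walisystems.com'
$check | Format-List
if (-not $check.OkToTrust) {
    Write-Warning 'Do not import this file into Trusted Root until the failed checks are explained.'
}
```

Compare the reported Thumbprint with the one shown on the certificate's Details tab in IIS, so you know the file you are about to trust is the certificate you created.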
Create New Web Application For SSL
- Go to central administration. Click Manage web applications.
- Click New button in the ribbon.
- Select Create a new IIS web site. Change Port to 80.
- In the Host Header, enter the URL that you want to use for this web application. For example, I wanted to use "sp2013.walisystems.com" because that was the URL for which the certificate was issued, so I entered "sp2013.walisystems.com". Note: Do not add HTTP in the URL.
- In Security Configuration section, select Yes in Use Secure Sockets Layer (SSL).
- Keep all other default options selected and click OK.
- After web application is created, create a site collection at the root level.
Change Alternate Access Mappings
- In Central Administration Site, go to Application Management section and click Configure alternate access mappings.
- Change site collection in the drop down. Select the one that you just created. Click Add Internal URLs.
- Enter the complete URL, starting with HTTPS. For example, "https://sp2013.walisystems.com".
- Change Zone to Custom or Extranet.
- Click Save.
Bind Certificate To Your Site
- Finally, bind certificate to your site. Open IIS.
- Click server name. Expand Sites node.
- Click site name that you will bind to the SSL certificate.
- On the right, under Actions, click Bindings.
- Click Add.
- In Type, select https.
- Keep 443 in the Port. This is the default port used for SSL.
- In SSL Certificate, select the certificate you just installed. Click OK. That’s it.